module

SolarWinds Serv-U Unauthenticated Arbitrary File Read

Try Surface Command
Back to search
Disclosed
N/A
Created
Jun 19, 2024

Description

This module exploits an unauthenticated file read vulnerability, due to directory traversal, affecting
SolarWinds Serv-U FTP Server 15.4, Serv-U Gateway 15.4, and Serv-U MFT Server 15.4. All versions prior to
the vendor supplied hotfix "15.4.2 Hotfix 2" (version 15.4.2.157) are affected.

Authors

sfewer-r7
Hussein Daher

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use auxiliary/gather/solarwinds_servu_fileread_cve_2024_28995
    msf auxiliary(solarwinds_servu_fileread_cve_2024_28995) > show actions
        ...actions...
    msf auxiliary(solarwinds_servu_fileread_cve_2024_28995) > set ACTION < action-name >
    msf auxiliary(solarwinds_servu_fileread_cve_2024_28995) > show options
        ...show and set options...
    msf auxiliary(solarwinds_servu_fileread_cve_2024_28995) > run
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today