module
SolarWinds Serv-U Unauthenticated Arbitrary File Read
| Disclosed | Created |
|---|---|
| 01/01/1970 | 06/19/2024 |
Disclosed
01/01/1970
Created
06/19/2024
Description
This module exploits an unauthenticated file read vulnerability, due to directory traversal, affecting
SolarWinds Serv-U FTP Server 15.4, Serv-U Gateway 15.4, and Serv-U MFT Server 15.4. All versions prior to
the vendor supplied hotfix "15.4.2 Hotfix 2" (version 15.4.2.157) are affected.
SolarWinds Serv-U FTP Server 15.4, Serv-U Gateway 15.4, and Serv-U MFT Server 15.4. All versions prior to
the vendor supplied hotfix "15.4.2 Hotfix 2" (version 15.4.2.157) are affected.
Authors
sfewer-r7Hussein Daher
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use auxiliary/gather/solarwinds_servu_fileread_cve_2024_28995
msf /(5) > show actions
...actions...
msf /(5) > set ACTION < action-name >
msf /(5) > show options
...show and set options...
msf /(5) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.