CVE-2021-25276 is a vulnerability in SolarWinds Serv U
Published on February 3, 2021

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C:\ home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges.

NVD

Products Associated with CVE-2021-25276

Want to know whenever a new CVE is published for SolarWinds Serv U? stack.watch will email you.

SolarWinds Serv U

Exploit Probability

EPSS

0.41%

Percentile

60.65%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-25276 is a vulnerability in SolarWinds Serv UPublished on February 3, 2021

Products Associated with CVE-2021-25276

Exploit Probability

CVE-2021-25276 is a vulnerability in SolarWinds Serv U
Published on February 3, 2021