CVE-2021-35223

Summary

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.

Affected Software

VendorProductVersion RangeStatus
SolarWindsServ-U15.2.3 and previous versions <= 15.2.4affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below: https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US

ADP Enrichment

CVE Program Container

Additional References

References