Vulnerability Description
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Serv-U File Server | <= 5.0.0.11 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html (Exploit)
- http://www.osvdb.org/8877
- http://www.securityfocus.com/bid/10886 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16925
FAQ
What is CVE-2004-2532?
CVE-2004-2532 is a vulnerability with a CVSS score of 10.0 (HIGH). Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default admin...
How severe is CVE-2004-2532?
CVE-2004-2532 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2532?
Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Serv-U File Server.