CVE-2024-45711

moderate-risk

Published 2024-10-16

SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability

Do I need to act?

10.7% chance of exploitation in next 30 days

EPSS score — higher than 89% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / HIGH complexity

Affected Products (1)

Serv-U

Affected Vendors

Solarwinds

References (1)

Vendor Advisory https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45711

/ 100

moderate-risk

Severity 22/34 · High

Exploitability 11/34 · Low

Exposure 5/34 · Minimal