CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
The version of SolarWinds Serv-U installed on the remote host is prior to 15.2.2 HF1. It is, therefore, affected by a vulnerability as referenced in the serv-u_15_2_2_hf_1 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(207857);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/27");
script_cve_id("CVE-2021-25276");
script_name(english:"SolarWinds Serv-U 15.2.0 < 15.2.3");
script_set_attribute(attribute:"synopsis", value:
"SolarWinds Serv-U is affected by a vulnerability");
script_set_attribute(attribute:"description", value:
"The version of SolarWinds Serv-U installed on the remote host is prior to 15.2.2 HF1. It is, therefore, affected by a
vulnerability as referenced in the serv-u_15_2_2_hf_1 advisory.
- In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that
include users' password hashes) that is world readable and writable. An unprivileged Windows user (having
access to the server's filesystem) can add an FTP user by copying a valid profile file to this directory.
For example, if this profile sets up a user with a C:\ home directory, then the attacker obtains access to
read or replace arbitrary files with LocalSystem privileges. (CVE-2021-25276)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://www.solarwinds.com/trust-center/security-advisories/cve-2021-25276
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?757db6b2");
script_set_attribute(attribute:"solution", value:
"Upgrade to Serv-U version 15.2.2 HF1 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-25276");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/18");
script_set_attribute(attribute:"patch_publication_date", value:"2021/01/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/27");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:solarwinds:serv-u");
script_set_attribute(attribute:"cpe", value:"cpe:/a:solarwinds:serv-u_file_server");
script_set_attribute(attribute:"cpe", value:"cpe:/a:serv-u:serv-u");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"FTP");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("servu_version.nasl");
script_require_keys("installed_sw/Serv-U");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
include('ftp_func.inc');
var port = get_ftp_port(default:21);
var app_info = vcf::get_app_info(app:'Serv-U', port:port);
var constraints = [
{ 'min_version' : '15.2.0', 'max_version' : '15.2.2', 'fixed_version' : '15.2.3', 'fixed_display' : '15.2.2 HF1' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
require_paranoia:TRUE,
severity:SECURITY_NOTE
);
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High