CVE-2024-45711
Published: 16 October 2024
Summary
CVE-2024-45711 is a high-severity Path Traversal (CWE-22) vulnerability in Solarwinds Serv-U. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 6.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
SolarWinds Serv-U is affected by a directory traversal vulnerability, identified as CVE-2024-45711 and assigned CWE-22, that can permit remote code execution depending on the privileges assigned to an authenticated user. The flaw is triggered through abuse of software environment variables and carries a CVSS 3.1 score of 7.5 reflecting network attack vector, high complexity, low privileges required, and high impact across confidentiality, integrity, and availability.
An authenticated user can exploit the issue remotely, though the high attack complexity limits the conditions under which code execution or other unauthorized actions become possible.
The SolarWinds advisory published at https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45711 provides official guidance on the vulnerability. The associated EPSS score has remained flat at 0.1069 with no material rise observed since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-41561
Vulnerability details
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are…
more
abused. Authentication is required for this vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.