ID

VAR-200412-0836


CVE

CVE-2004-2532


TITLE

SolarWinds Serv-U File Server Trust Management Issue Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-693

DESCRIPTION

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. The weak account can be used to log into the site maintenance interface on the loopback interface only, and to create user accounts

Trust: 1.17

sources: NVD: CVE-2004-2532 // BID: 10886

AFFECTED PRODUCTS

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.0.0.4

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.0.0.4

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.1.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.1.0.3

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.1.0.3

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.1.0.1

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.0.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.1.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:lteversion:5.0.0.11

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.0.0.9

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.0.0.16

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.0.0.17

Trust: 1.0

vendor:serv umodel:serv-uscope:eqversion:3.1.0.1

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.0.0.17

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:4.1.0.3

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.0.0.16

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.1.0.3

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.0.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.1.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:4.0.0.4

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.0.0.4

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.0.0.11

Trust: 0.6

vendor:rhinomodel:software serv-uscope:eqversion:6.0.0.1

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:6.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.2.0.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.1.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.0.0.9

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.0.0.6

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.0.0.4

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.2

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.1.0.11

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.1

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.0.0.4

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:3.1

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:3.0

Trust: 0.3

sources: BID: 10886 // CNNVD: CNNVD-200412-693 // NVD: CVE-2004-2532

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2532
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200412-693
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2004-2532
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200412-693 // NVD: CVE-2004-2532

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.0

sources: NVD: CVE-2004-2532

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-693

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-200412-693

PATCH

title:SolarWinds Serv-U File Server Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125159

Trust: 0.6

sources: CNNVD: CNNVD-200412-693

EXTERNAL IDS

db:BIDid:10886

Trust: 1.9

db:OSVDBid:8877

Trust: 1.6

db:NVDid:CVE-2004-2532

Trust: 1.6

db:CNNVDid:CNNVD-200412-693

Trust: 0.6

sources: BID: 10886 // CNNVD: CNNVD-200412-693 // NVD: CVE-2004-2532

REFERENCES

url:http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html

Trust: 1.6

url:http://www.securityfocus.com/bid/10886

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16925

Trust: 1.6

url:http://www.osvdb.org/8877

Trust: 1.6

url:http://www.serv-u.com/

Trust: 0.3

url:http://support.coresecurity.com/impact/exploits/16d127c3a0ee7d8db396b1aa40eeef5e.html

Trust: 0.3

sources: BID: 10886 // CNNVD: CNNVD-200412-693 // NVD: CVE-2004-2532

CREDITS

Discovery is credited to aT4r ins4n3 <at4r@ciberdreams.com>.

Trust: 0.9

sources: BID: 10886 // CNNVD: CNNVD-200412-693

SOURCES

db:BIDid:10886
db:CNNVDid:CNNVD-200412-693
db:NVDid:CVE-2004-2532

LAST UPDATE DATE

2024-11-23T22:47:15.034000+00:00


SOURCES UPDATE DATE

db:BIDid:10886date:2004-08-08T00:00:00
db:CNNVDid:CNNVD-200412-693date:2020-07-29T00:00:00
db:NVDid:CVE-2004-2532date:2024-11-20T23:53:35.677

SOURCES RELEASE DATE

db:BIDid:10886date:2004-08-08T00:00:00
db:CNNVDid:CNNVD-200412-693date:2004-12-31T00:00:00
db:NVDid:CVE-2004-2532date:2004-12-31T05:00:00