CVE-2004-2532

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2532
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
solarwinds / serv-u_file_server	3.0.0.16	3.0.0.16.x
solarwinds / serv-u_file_server	3.0.0.17	3.0.0.17.x
solarwinds / serv-u_file_server	3.1.0.0	3.1.0.0.x
solarwinds / serv-u_file_server	3.1.0.1	3.1.0.1.x
solarwinds / serv-u_file_server	3.1.0.3	3.1.0.3.x
solarwinds / serv-u_file_server	4.0.0.4	4.0.0.4.x
solarwinds / serv-u_file_server	4.1.0.0	4.1.0.0.x
solarwinds / serv-u_file_server	4.1.0.3	4.1.0.3.x
solarwinds / serv-u_file_server	5.0.0.0	5.0.0.0.x
solarwinds / serv-u_file_server	5.0.0.4	5.0.0.4.x
solarwinds / serv-u_file_server	5.0.0.9	5.0.0.9.x
solarwinds / serv-u_file_server	-	5.0.0.11.x

Vulnerability Database

289,697

CVE-2004-2532