Login Sign Up

CVE-2024-28995

8.6 HIGH

📋 TL;DR

SolarWinds Serv-U contains a directory traversal vulnerability that allows attackers to read sensitive files on the host system. This affects organizations using vulnerable versions of SolarWinds Serv-U file transfer software. The vulnerability could expose credentials, configuration files, and other sensitive data.

💻 Affected Systems

Products:
  • SolarWinds Serv-U
Versions: Specific versions not detailed in provided references, but CVE-2024-28995 affects recent versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All Serv-U installations with default configurations are vulnerable until patched.

📦 What is this software?

Serv U by Solarwinds

View all CVEs affecting Serv U →

Serv U by Solarwinds

View all CVEs affecting Serv U →

Serv U by Solarwinds

View all CVEs affecting Serv U →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of sensitive data including credentials, configuration files, and potentially access to other systems through exposed secrets.

🟠

Likely Case

Exfiltration of sensitive files containing credentials, configuration data, or other proprietary information.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CISA has added this to their Known Exploited Vulnerabilities catalog, confirming active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check SolarWinds advisory for specific patched versions

Vendor Advisory: https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995

Restart Required: Yes

Instructions:

1. Download latest Serv-U version from SolarWinds portal. 2. Backup current configuration. 3. Install update following SolarWinds documentation. 4. Restart Serv-U services.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to Serv-U to only trusted networks and users

File System Permissions

all

Restrict file system permissions for Serv-U service account to minimum required

🧯 If You Can't Patch

  • Implement strict network access controls to limit Serv-U exposure
  • Monitor Serv-U logs for directory traversal attempts and file access patterns

🔍 How to Verify

Check if Vulnerable:

Check Serv-U version against SolarWinds security advisory for CVE-2024-28995

Check Version:

Check Serv-U web interface or console for version information

Verify Fix Applied:

Verify Serv-U version is updated to patched version specified in SolarWinds advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns
  • Directory traversal strings in request logs
  • Access to sensitive system files

Network Indicators:

  • HTTP requests containing directory traversal sequences (../, ..\) to Serv-U

SIEM Query:

source="serv-u" AND ("..\" OR "../" OR "%2e%2e%2f")

📊 Metadata

CVE ID: CVE-2024-28995
CVSS v3 Score: 8.6 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE: CWE-22
Published: June 6, 2024
Last Updated: February 26, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-28995, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)