CVE-2023-40060

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Sep 7, 2023

Updated: Sep 14, 2023

CWE ID 284

Summary

CVE-2023-40060 is a newly discovered vulnerability affecting Serv-U versions 15.4 and 15.4 Hotfix 1. This issue enables unauthorized access by bypassing multi-factor authentication if an attacker holds administrator-level privileges. SolarWinds, the software vendor, acknowledged that the vulnerability persisted despite the previously issued hotfix. Thus, affected organizations must apply a new patch to mitigate this security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Serv-U

Affected Vendors

SolarWinds Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sRV4qc
https://www.cve.org/CVERecord?id=CVE-2023-40060
https://nvd.nist.gov/vuln/detail/CVE-2023-40060

Back to Vulnerability Database