=====================================================================

                                CERT-Renater

                      Note d'Information No. 2023/VULN268

_____________________________________________________________________

DATE                : 25/08/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Serv-U versions prior to 15.4 HF1.

=====================================================================
https://www.solarwinds.com/trust-center/security-advisories/cve-2023-35179
_____________________________________________________________________

MFA/2FA Bypass Vulnerability in Serv-U 15.4 (CVE-2023-35179)

Security Advisory Summary

A vulnerability has been identified within Serv-U 15.4 that, if
exploited, allows an actor to bypass multi-factor/two-factor
authentication. The actor must have administrator-level access
to Serv-U to perform this action.
Affected Products

     Serv-U 15.4


Fixed Software Release

     Serv-U 15.4 HF1


Advisory Details

Severity

6.6 Medium

Advisory ID
CVE-2023-35179

First Published
08/04/2023

Last Published
08/04/2023

Fixed Version
Serv-U 15.4 HF1

CVSS Score

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================