MFA/2FA Bypass Vulnerability in Serv-U 15.4: Serv-U 15.4 and 15.4 HF1 (CVE-2023-40060)
Summary
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. The previous vulnerability (CVE-2023-35179) was not completely resolved in 15.4 Hotfix 1.
Affected Products
- Serv-U 15.4 HF1 and earlier
Fixed Software Release
Advisory Details
Severity: 6.6 Medium
Advisory ID:
First Published: 08/30/2023
Last Updated: 08/30/2023
Fixed Version: Serv-U 15.4 HF2