MFA/2FA Bypass Vulnerability in Serv-U 15.4: Serv-U 15.4 and 15.4 HF1 (CVE-2023-40060)

Summary

A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. The previous vulnerability (CVE-2023-35179) was not completely resolved in 15.4 Hotfix 1.

Affected Products

  • Serv-U 15.4 HF1 and earlier

Fixed Software Release

Advisory Details

Severity

6.6 Medium

Advisory ID

First Published

08/30/2023

Last Updated

08/30/2023

Fixed Version

Serv-U 15.4 HF2