SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability that was exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers.
The vulnerability (tracked as CVE-2021-35211) impacts Serv-U Managed File Transfer and Serv-U Secure FTP, and it allows remote threat actors to execute arbitrary code with privileges following successful exploitation.
The bug, discovered by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams in the latest Serv-U 15.2.3 HF1 released in May 2021, also impacts all prior versions.
SolarWinds has addressed the security vulnerability reported by Microsoft with the release of Serv-U version 15.2.3 hotfix (HF) 2.
"Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability," the company said in an advisory published on Friday.
"To the best of our understanding, no other SolarWinds products have been affected by this vulnerability. [..] SolarWinds is unaware of the identity of the potentially affected customers."
| Software Version | Upgrade Paths |
|---|---|
| Serv-U 15.2.3 HF1 | Apply Serv-U 15.2.3 HF2, available in your Customer Portal |
| Serv-U 15.2.3 | Apply Serv-U 15.2.3 HF1, then apply Serv-U 15.2.3 HF2, available in your Customer Portal |
| All Serv-U versions prior to 15.2.3 | Upgrade to Serv-U 15.2.3, then apply Serv-U 15.2.3 HF1, then apply Serv-U 15.2.3 HF2, available in your Customer Portal |
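As an added illustration (not part of the SolarWinds advisory or this article), the Python below encodes the upgrade paths from the table so an administrator can feed in the Serv-U version strings from an inventory and get back the ordered steps needed to reach 15.2.3 HF2; the version-string format ("15.2.3 HF1") and the function names are assumptions, and versions newer than the table covers are rejected rather than guessed at.

```python
import re
from typing import List, Tuple

# Base version and hotfix level that carry the fix, per the advisory's table.
PATCHED_BASE = (15, 2, 3)
PATCHED_HOTFIX = 2


def parse_servu_version(text: str) -> Tuple[Tuple[int, ...], int]:
    """Split a version string such as '15.2.3 HF1' (assumed format) into a
    numeric tuple and a hotfix number; no HF suffix means hotfix 0."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)\s*(?:HF\s*(\d+))?\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised Serv-U version string: {text!r}")
    base = tuple(int(part) for part in m.group(1).split("."))
    hotfix = int(m.group(2)) if m.group(2) else 0
    return base, hotfix


def upgrade_path(installed: str) -> List[str]:
    """Return the ordered steps from the advisory table needed to reach
    15.2.3 HF2; an empty list means the install is already at HF2."""
    base, hotfix = parse_servu_version(installed)
    if base > PATCHED_BASE:
        # Newer than anything the advisory's table describes; do not guess.
        raise ValueError(f"{installed!r} is newer than the advisory covers")
    steps: List[str] = []
    if base < PATCHED_BASE:
        steps.append("Upgrade to Serv-U 15.2.3")
        hotfix = 0  # a hotfix number from an older base does not carry over
    if hotfix < 1:
        steps.append("Apply Serv-U 15.2.3 HF1")
    if hotfix < PATCHED_HOTFIX:
        steps.append("Apply Serv-U 15.2.3 HF2")
    return steps


def is_affected(installed: str) -> bool:
    """True when at least one step is still outstanding, i.e. the install
    has not yet received the fix for CVE-2021-35211."""
    return bool(upgrade_path(installed))


if __name__ == "__main__":
    # Constructed sample inventory: hostname and reported Serv-U version.
    for host, ver in [("mft-01", "15.2.3 HF1"), ("ftp-02", "15.1.7"), ("mft-03", "15.2.3 HF2")]:
        print(host, ver, "->", upgrade_path(ver) or "already at 15.2.3 HF2")
```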
The company added that all other SolarWinds and N-able products (including the Orion Platform and Orion Platform modules) are unaffected by CVE-2021-35211.
"SolarWinds released a hotfix Friday, July 9, 2021, and we recommend all customers using Serv-U install this fix immediately for the protection of your environment," the US-based software company warned.
The SolarWinds Orion supply-chain attack
Last year, SolarWinds disclosed a supply-chain attack coordinated by the Russian Foreign Intelligence Service.
The state hackers breached the company's internal systems and trojanized the Orion Software Platform source code and builds released between March 2020 and June 2020.
The malicious builds were later used to deliver a backdoor tracked as Sunburst to "fewer than 18,000," but, luckily, the threat actors only picked a significantly lower number of targets for second-stage exploitation.
Right before the attack was disclosed, SolarWinds' list of 300,000 customers worldwide [1, 2] included more than 425 US Fortune 500 companies, all top ten US telecom companies, and a long list of government agencies, including the US Navy, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, the US Department of Justice, and the Office of the President of the United States.
A number of US government agencies confirmed that they were breached in the SolarWinds supply-chain attack, with the list including:
In March, SolarWinds reported expenses of $3.5 million from last year's supply-chain attack, including costs related to remediation and incident investigation.
Even though $3.5 million does not seem much compared to the aftermath of the SolarWinds supply-chain attack, the expenses reported so far were recorded only through December 2020, with high additional costs expected throughout the following financial periods.