    SolarWinds patches critical Serv-U vulnerability exploited in the wild



    SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability that was exploited in the wild by “a single threat actor” in attacks targeting a limited number of customers.

    The vulnerability (tracked as CVE-2021-35211) impacts Serv-U Managed File Transfer and Serv-U Secure FTP, and it enables remote threat actors to execute arbitrary code with privileges following successful exploitation.

    The bug discovered by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams in the latest Serv-U 15.2.3 HF1 released in May 2021 also impacts all prior versions.

    SolarWinds has addressed the security vulnerability reported by Microsoft with the release of Serv-U version 15.2.3 hotfix (HF) 2.

    “Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds doesn’t currently have an estimate of how many customers may be directly affected by the vulnerability,” the company said in an advisory published on Friday.

    “To the best of our understanding, no other SolarWinds products have been affected by this vulnerability. [..] SolarWinds is unaware of the identity of the potentially affected customers.”

    Software Version | Upgrade Paths
    Serv-U 15.2.3 HF1 | Apply Serv-U 15.2.3 HF2, available in your Customer Portal
    Serv-U 15.2.3 | Apply Serv-U 15.2.3 HF1, then apply Serv-U 15.2.3 HF2, available in your Customer Portal
    All Serv-U versions prior to 15.2.3 | Upgrade to Serv-U 15.2.3, then apply Serv-U 15.2.3 HF1, then apply Serv-U 15.2.3 HF2, available in your Customer Portal

    The company added that all other SolarWinds and N-able products (including the Orion Platform and Orion Platform modules) are unaffected by CVE-2021-35211.

    “SolarWinds released a hotfix Friday, July 9, 2021, and we recommend all customers using Serv-U install this fix immediately for the protection of your environment,” the US-based software firm warned.

    SolarWinds provides more information on how to find out if your environment was compromised. Customers can also request more information by opening a customer service ticket with the subject “Serv-U Help.”

    The SolarWinds Orion supply-chain attack

    Last year, SolarWinds disclosed a supply-chain attack coordinated by the Russian Foreign Intelligence Service.

    The state hackers breached the company’s internal systems and trojanized the Orion Software Platform source code and builds released between March 2020 and June 2020.

    The malicious builds were later used to deliver a backdoor tracked as Sunburst to “fewer than 18,000,” but, luckily, the threat actors only picked a substantially lower number of targets for second-stage exploitation.

    Right before the attack was disclosed, SolarWinds’ list of 300,000 customers worldwide included more than 425 US Fortune 500 companies, all top ten US telecom companies, and a long list of govt agencies, including the US Navy, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, the US Department of Justice, and the Office of the President of the US.

    Several US govt agencies confirmed that they were breached in the SolarWinds supply-chain attack, with the list including:

    In March, SolarWinds reported expenses of $3.5 million from last year’s supply-chain attack, including costs related to remediation and incident investigation.

    Even though $3.5 million doesn't seem too much compared to the aftermath of the SolarWinds supply-chain attack, the incurred expenses reported so far were recorded only through December 2020, with high additional costs being expected throughout the next financial periods.
