
SolarWinds issues fix for RCE vulnerability in Serv-U products amid ‘targeted’ attacks


Enterprise IT software vendor uncertain of scope of impact


SolarWinds has patched a remote code execution (RCE) vulnerability in its Serv-U file transfer products after Microsoft observed exploitation against “a limited, targeted set of customers” by “a single threat actor”.

The remote memory escape flaw (CVE-2021-35211) affects both the Serv-U Managed File Transfer Server and Serv-U Secured FTP, according to a security advisory issued by SolarWinds.

“A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges,” said SolarWinds. “An attacker could then install programs; view, change, or delete data; or run programs on the affected system.”


Having been alerted to the flaw and hostile exploitation by Microsoft, SolarWinds said it “mobilized to address it quickly”, issuing a hotfix on July 9.

The enterprise IT software vendor said it does not yet “have an estimate of how many customers may be directly affected by the vulnerability”, or the identity of any potentially affected customers.

SolarWinds said the flaw “is completely unrelated to the Sunburst supply chain attack” that unfolded at the tail end of 2020, in which nation-state attackers compromised SolarWinds clients such as Microsoft, FireEye, and US government agencies via vulnerabilities in SolarWinds’ Orion software.

Indicators of compromise

The vulnerability exists in all Serv-U versions up to and including 15.2.3 HF1, and has been addressed in Serv-U 15.2.3 HF2.

“We recommend all customers using Serv-U install this fix immediately for the protection of your environment,” said SolarWinds.


SolarWinds has confirmed that no other SolarWinds or N-able (formerly SolarWinds MSP) products are affected by the flaw.

The company has warned Serv-U customers that the throwing of exceptions within their environment could be a sign of compromise – although there are other possible causes – because exploitation takes the form of Return Oriented Programming (ROP) attacks.

Another potential indicator of compromise is “potentially suspicious connections via SSH”.

Customers are protected from attacks exploiting the vulnerability when SSH is disabled, added SolarWinds.
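The affected-version range and the SSH condition above can be combined into a quick inventory triage. The following is an added example, not code from SolarWinds or the original article; it assumes version strings in the "15.2.3 HF1" notation used here, that releases after 15.2.3 HF2 carry the fix, and a hypothetical inventory format with constructed host names.

```python
import re

# Per the advisory as reported above: fixed in Serv-U 15.2.3 HF2.
FIXED = (15, 2, 3, 2)

# Accepts the notation used in the article, e.g. "15.2.3 HF1" or "15.2.3".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch, hotfix); absent parts count as 0."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Serv-U version string: {text!r}")
    return tuple(int(part) if part else 0 for part in match.groups())


def is_affected(version_text):
    """True for every release up to and including 15.2.3 HF1."""
    return parse_version(version_text) < FIXED


def triage(hosts):
    """Map host name -> 'patched', 'exposed', 'affected-ssh-off' or 'unknown'."""
    result = {}
    for host in hosts:
        try:
            affected = is_affected(host["version"])
        except ValueError:
            result[host["name"]] = "unknown"  # check this host by hand
            continue
        if not affected:
            result[host["name"]] = "patched"
        elif host["ssh_enabled"]:
            result[host["name"]] = "exposed"  # patch first, review SSH logs
        else:
            result[host["name"]] = "affected-ssh-off"  # still needs HF2
    return result


# Constructed inventory for illustration; host names and fields are hypothetical.
INVENTORY = [
    {"name": "ftp-edge-01", "version": "15.2.3 HF1", "ssh_enabled": True},
    {"name": "ftp-edge-02", "version": "15.2.3 HF2", "ssh_enabled": True},
    {"name": "ftp-int-01", "version": "15.2.2", "ssh_enabled": False},
    {"name": "ftp-lab-01", "version": "build-unknown", "ssh_enabled": True},
]

if __name__ == "__main__":
    for name, status in triage(INVENTORY).items():
        print(f"{name}: {status}")
```

Hosts reported as "exposed" are the ones to patch first and to review for the indicators of compromise described above.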

The company also said that “additional details of the vulnerability will be published after giving customers sufficient time to upgrade for the protection of their environments”.

The Daily Swig has put additional queries to SolarWinds, including one related to the scope of impact. We’ll update this article should we receive a response.
