SolarWinds addressed a zero-day remote code execution flaw in Serv-U products which is actively exploited in the wild by a single threat actor.
SolarWinds was informed of the zero-day by Microsoft, the issue affects Serv-U Managed File Transfer Server and Serv-U Secured FTP. According to Microsoft, the flaw was exploited in attacks against a limited, targeted set of customers by a single threat actor.
The flaw resides in Serv-U version 15.2.3 HF1 and all prior versions, the vendor released Serv-U version 15.2.3 hotfix (HF) 2 to fix the issue. All other SolarWinds and N-able (formerly SolarWinds MSP) are not affected by this issue, including the Orion Platform, and all Orion Platform modules.
“Microsoft reported to SolarWinds that they had discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product. Microsoft provided a proof of concept of the exploit. If exploited, a threat actor may be able to gain privileged access to the threat actor on the machine hosting Serv-U.” reads the advisory published by SolarWinds. “Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability.”
The experts pointed out that this issue is not linked to the SolarWinds supply chain attack.
Microsoft provided a proof of concept of the exploit along with evidence of the zero-day attacks.
Solarwinds released some Indicators of Compromise (IOCs) for the ongoing attacks, but it has yet to disclose full technical details of the vulnerability.
(SecurityAffairs – hacking, SolarWinds)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.