SolarWinds has addressed a vulnerability in Serv-U products that threat actors were actively exploiting in the wild. The company pointed out that all the attack attempts failed.
The flaw is an input validation vulnerability that could allow threat actors to build a query from some input and send that query over the network without sanitization.
“During our sustained monitoring of threats taking advantage of the Log4j 2 vulnerabilities, we observed activity related to attacks being propagated via a previously undisclosed vulnerability in the SolarWinds Serv-U software. We discovered that the vulnerability, now tracked as CVE-2021-35247, is an input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation.” reads the advisory published by Microsoft.
According to the advisory published by SolarWinds, the Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized.
SolarWinds released Serv-U 15.3 that addresses the vulnerability by performing additional validation and sanitization.
“The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized,” reads the advisory published by SolarWinds. “SolarWinds has updated the input mechanism to perform additional validation and sanitization.”
The vendor pointed out that no downstream effect has been detected, as the LDAP servers ignored the improper characters.
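The defect described above is the classic LDAP filter-injection pattern: login input is spliced into a search filter without escaping. The following added example (not SolarWinds' or Microsoft's code; the helper names, the `uid` attribute and the sample usernames are assumptions constructed for illustration) shows the two controls the fix relies on, validation that rejects filter syntax outright and RFC 4515 escaping of whatever is allowed through.

```python
# Added example: neutralising LDAP filter metacharacters in a web login handler.
# Escaping follows RFC 4515 assertion-value encoding; helper names are assumptions.

# Characters RFC 4515 requires to be escaped inside an assertion value.
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Return `value` encoded for safe use inside an LDAP search filter."""
    out = []
    for ch in value:
        if ch in _SPECIAL:
            out.append(_SPECIAL[ch])
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            # Control and non-ASCII characters: escape each UTF-8 byte as \XX.
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def looks_like_injection(username: str) -> bool:
    """Validation-side check: reject usernames that carry filter syntax at all."""
    return any(ch in username for ch in "()*\\\x00")


def build_login_filter(username: str, attr: str = "uid") -> str:
    """Build the search filter a login screen would send to the directory.

    The attribute name is an assumption; the point is that user input only
    ever appears as an escaped assertion value, never as filter structure.
    """
    return f"(&(objectClass=person)({attr}={escape_filter_value(username)}))"


if __name__ == "__main__":
    # Constructed sample inputs, not values from any real incident.
    for name in ["jdoe", "jdoe)(objectClass=*", "m\u00fcller"]:
        print(f"{name!r:24} reject={looks_like_injection(name)} "
              f"filter={build_login_filter(name)}")
```

A server that ignores improper characters, as the advisory says the LDAP servers did here, is a lucky backstop, not a control; the escaping and the reject check are what keep the filter structure fixed.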
In the past, other threat actors exploited Serv-U vulnerabilities to carry out malicious activities. In November, the Clop ransomware gang (aka TA505, FIN11) was spotted exploiting the CVE-2021-35211 SolarWinds Serv-U vulnerability to breach businesses' infrastructures and deploy its ransomware.
In July, SolarWinds addressed a zero-day remote code execution flaw (CVE-2021-35211) in Serv-U products which was actively exploited in the wild by a single threat actor.
SolarWinds was informed of the zero-day by Microsoft. The issue affects Serv-U Managed File Transfer Server and Serv-U Secured FTP. According to Microsoft, the flaw was exploited in attacks against a limited, targeted set of customers by a single threat actor.
(SecurityAffairs – hacking, Serv-U)