Zero-day (CVE-2021-35211) discovered in SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP

Hello everyone,

Microsoft has discovered a zero-day vulnerability in SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP. No other SolarWinds or N-able (previously SolarWinds MSP) products are affected. The zero-day is tracked as CVE-2021-35211 and is a Remote Code Execution (RCE) vulnerability.

Vulnerability details: 

The vulnerability is due to a boundary error, more specifically the improper restriction of operations within the bounds of a memory buffer.

Versions affected:

The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions.

Impact:

If this vulnerability is successfully exploited, threat actors can run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system.

Exploitation:

The vulnerability is being actively exploited in the wild, and according to Microsoft a limited, targeted group of users has been hit so far.

Mitigation:

Patches are not available yet to address this vulnerability, but a hotfix (Serv-U 15.2.3 HF2) has been released by SolarWinds. All customers using Serv-U should install this fix immediately to protect their environment. SolarWinds customers with active maintenance for the Serv-U product can log in to their Customer Portal and access the fix. If you are not on active maintenance and are currently using the products, open a customer service ticket with the subject "Serv-U Assistance" and the SolarWinds team will assist you.

In Vulnerability Manager Plus, you can find this vulnerability under the Zero-day vulnerabilities tab.

For more details, refer to SolarWinds' security advisory.

Cheers,

The ManageEngine Team
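
An added example, not part of the original post and not SolarWinds or ManageEngine code: a triage script that flags Serv-U installs at or below 15.2.3 HF1, the last affected version named above. The version-string format, host names and status labels are assumptions constructed for illustration.

```python
import re

# Boundary from the advisory text: 15.2.3 HF1 and all prior versions are affected.
LAST_AFFECTED = ((15, 2, 3), 1)

# Assumed inventory format: "<major>.<minor>.<patch>", optionally followed by "HF<n>".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), hotfix); raise ValueError if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Serv-U version string: {text!r}")
    release = tuple(int(g) for g in m.group(1, 2, 3))
    hotfix = int(m.group(4)) if m.group(4) else 0  # no HF suffix sorts below HF1
    return release, hotfix


def is_affected(text):
    """True when the version is 15.2.3 HF1 or anything earlier."""
    return parse_version(text) <= LAST_AFFECTED


def triage(inventory):
    """Map host -> 'affected' | 'not_affected' | 'unknown' (check by hand)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            result[host] = "unknown"  # never treat an unreadable version as safe
    return result


# Constructed sample inventory; hosts and version strings are illustrative only.
SAMPLE = {
    "ftp-01": "15.2.3 HF1",
    "ftp-02": "15.2.3 HF2",
    "ftp-03": "15.2.3",
    "ftp-04": "15.1.6",
    "ftp-05": "15.2.3hf2",
    "ftp-06": "unknown build",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual version check rather than being assumed patched.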