Security News > 2021 > July > SolarWinds patches zero-day exploited in the wild (CVE-2021-35211)

SolarWinds patches zero-day exploited in the wild (CVE-2021-35211)
2021-07-13 08:49

SolarWinds has released an emergency patch for CVE-2021-35211, a RCE vulnerability affecting its Serv-U Managed File Transfer and Serv-U Secure FTP that is currently being exploited in the wild.

"Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability. SolarWinds is unaware of the identity of the potentially affected customers," the company shared.

CVE-2021-35211 was unearthed in the SolarWinds Serv-U product by Microsoft's Threat Intelligence Center and Microsoft Offensive Security Research teams.

It affects Serv-U 15.2.3 HF1 and all prior Serv-U versions - but does not exist if SSH is enabled for a Serv-U installation.

Censys CTO Derek Abdine said they discovered over 8,000 Serv-U hosts on the internet, and also that a lot of those "Present the same SSH host key fingerprint".

The company has provided advice for organizations on how to check whether they have been targeted / their Serv-U installations have been compromised.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/SLnuAW7y-7Q/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-35211 Out-of-bounds Write vulnerability in Solarwinds Serv-U
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability.
network
low complexity
solarwinds CWE-787
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 101 81 50 265