New SolarWinds Serv-U vulnerability exploited in Log4j-related attacks
Attackers looking to exploit recently discovered Log4j vulnerabilities are also trying to take advantage of a previously undisclosed vulnerability in the SolarWinds Serv-U software.
It affects version 15.2.5 and previous versions of Serv-U, and has been patched by SolarWinds in version 15.3.
CVE-2021-35247 is an input validation vulnerability in the Serv-U File Server's web login screen that could allow attackers to build a query from input they supply and send that query over the network without sanitization.
"When hunting for log4j exploit attempts I noticed attacks coming from serv-u.exe. Taking a closer look revealed you could feed Serv-U with data and it'll build an LDAP query with your unsanitized input! This could be used for log4j attack attempts, but also for LDAP injection," shared Microsoft security researcher Jonathan Bar Or.
According to SolarWinds' security advisory, the vulnerability has been fixed by updating the input mechanism to perform additional validation and sanitization.
Microsoft did not say whether the attackers were successful in exploiting CVE-2021-35247, but has urged customers to apply security updates to vulnerable devices.
This is the second Serv-U vulnerability detected in the last six months to be exploited in the wild.
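The validation and sanitization step the advisory describes can be sketched for a login name that ends up in an LDAP search filter. This is an added example, not SolarWinds code; the filter shape (`objectClass=person`, `uid`), the allow-list policy and the sample inputs are assumptions.

```python
import re

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Assumed policy: login names are short and drawn from a narrow character set.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")
# Assumed filter shape; the real Serv-U query is not shown in the article.
_TEMPLATE = "(&(objectClass=person)(uid={}))"


def escape_filter_value(value: str) -> str:
    """Escape a string so it is only ever data inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """The flawed pattern: raw login input placed straight into the query."""
    return _TEMPLATE.format(username)


def build_filter_safe(username: str) -> str:
    """Reject anything outside the allow-list, then escape as defence in depth."""
    if not _USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected by allow-list")
    return _TEMPLATE.format(escape_filter_value(username))


def clause_count(ldap_filter: str) -> int:
    """Count filter clauses; escaped parentheses (\\28) are not counted."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed inputs: a normal name, filter metacharacters, template syntax.
    for name in ["alice", "*)(uid=*", "a${x}"]:
        unsafe = build_filter_unsafe(name)
        escaped = _TEMPLATE.format(escape_filter_value(name))
        try:
            verdict = build_filter_safe(name)
        except ValueError as exc:
            verdict = f"REJECTED ({exc})"
        print(f"input   : {name!r}")
        print(f"unsafe  : {unsafe}  clauses={clause_count(unsafe)}")
        print(f"escaped : {escaped}  clauses={clause_count(escaped)}")
        print(f"safe    : {verdict}\n")
```

With the metacharacter input, the unsafe filter grows from three clauses to four while the escaped form stays at three, and the allow-list rejects the input before any query is built.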
News URL
https://www.helpnetsecurity.com/2022/01/20/cve-2021-35247/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-10 | CVE-2021-35247 | Improper Input Validation vulnerability in Solarwinds Serv-U Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. | 5.3 |