Security News > 2022 > January > New SolarWinds Serv-U vulnerability exploited in Log4j-related attacks

New SolarWinds Serv-U vulnerability exploited in Log4j-related attacks
2022-01-20 10:18

Attackers looking to exploit recently discovered Log4j vulnerabilities are also trying to take advantage of a previously undisclosed vulnerability in the SolarWinds Serv-U software.

It affects version 15.2.5 and previous versions of Serv-U, and has been patched by SolarWinds in version 15.3.

CVE-2021-35247 is an input validation vulnerability in the Serv-U File Server's web login screen that could allow attackers to build a query after been given some input and send that query over the network without sanitation.

"When hunting for log4j exploit attempt I noticed attacks coming from serv-u.exe. Taking a closer looked revealed you could feed Serv-U with data and it'll build a LDAP query with your unsanitized input! This could be used for log4j attack attempts, but also for LDAP injection," shared Microsoft security researcher Jonathan Bar Or. According to SolarWinds' security advisory, the vulnerability has been fixed by updating the input mechanism to perform additional validation and sanitization.

Microsoft did not say whether the attackers were successful in exploiting CVE-2021-35247, but have urged customers to apply security updates to vulnerable devices.

This is the second Serv-U vulnerability detected in the last six months getting exploited in the wild.


News URL

https://www.helpnetsecurity.com/2022/01/20/cve-2021-35247/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-01-10 CVE-2021-35247 Improper Input Validation vulnerability in Solarwinds Serv-U
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized.
network
low complexity
solarwinds CWE-20
5.3

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 45 1 84 103 43 231