New SolarWinds Serv-U vulnerability exploited in Log4j-related attacks

Attackers looking to exploit recently discovered Log4j vulnerabilities are also trying to take advantage of a previously undisclosed vulnerability in the SolarWinds Serv-U software.
It affects version 15.2.5 and previous versions of Serv-U, and has been patched by SolarWinds in version 15.3.
CVE-2021-35247 is an input validation vulnerability in the Serv-U File Server's web login screen that could allow attackers to build a query from supplied input and send that query over the network without sanitization.
"When hunting for log4j exploit attempts I noticed attacks coming from serv-u.exe. Taking a closer look revealed you could feed Serv-U with data and it'll build an LDAP query with your unsanitized input! This could be used for log4j attack attempts, but also for LDAP injection," shared Microsoft security researcher Jonathan Bar Or.
According to SolarWinds' security advisory, the vulnerability has been fixed by updating the input mechanism to perform additional validation and sanitization.
Microsoft did not say whether the attackers were successful in exploiting CVE-2021-35247, but has urged customers to apply security updates to vulnerable devices.
This is the second Serv-U vulnerability detected in the last six months to be exploited in the wild.
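
The fix the advisory describes, validating and sanitizing login input before it is placed in an LDAP query, can be illustrated as follows. This is an added example, not SolarWinds' code: the filter template, the username allowlist and the sample inputs are assumptions constructed for illustration.

```python
import re

# RFC 4515 section 3: these characters must be written as \XX (hex) when they
# appear inside a search-filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumed policy for this sketch: login names are 1-64 characters drawn from
# letters, digits and . _ @ - only. Anything else is rejected outright.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """The flawed pattern: input is concatenated into the filter as-is."""
    return "(&(objectClass=person)(uid=" + username + "))"


def build_filter_safe(username: str) -> str:
    """Validate against the allowlist, then escape before building the filter."""
    if not _USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allowlist")
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def is_single_uid_filter(ldap_filter: str) -> bool:
    """True if the filter kept its intended shape with a literal uid value."""
    pattern = r"\(&\(objectClass=person\)\(uid=([^()*]*)\)\)"
    return re.fullmatch(pattern, ldap_filter) is not None


# Constructed sample inputs (not taken from real traffic). The last one is a
# "${...}" lookup-style string: it leaves the filter shape intact, so only the
# allowlist, not filter escaping, keeps it away from downstream logging.
SAMPLES = ["alice", "bob.smith@example.com", "a*", "x)(cn=y", "${placeholder}"]

if __name__ == "__main__":
    for s in SAMPLES:
        unsafe_ok = is_single_uid_filter(build_filter_unsafe(s))
        try:
            safe = build_filter_safe(s)
        except ValueError:
            safe = "rejected"
        print(f"{s!r:26} unsafe keeps shape: {unsafe_ok!s:5} safe: {safe}")
```
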
News URL
https://www.helpnetsecurity.com/2022/01/20/cve-2021-35247/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-10 | CVE-2021-35247 | Unspecified vulnerability in SolarWinds Serv-U Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. | 5.3 |