Security News > 2022 > January > Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets.
Tracked as CVE-2021-35247, the issue is an " input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation," Microsoft Threat Intelligence Center said.
The flaw, which was discovered by security researcher Jonathan Bar Or, affects Serv-U versions 15.2.5 and prior, and has been addressed in Serv-U version 15.3.
"The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized," SolarWinds said in an advisory, adding it "Updated the input mechanism to perform additional validation and sanitization."
The IT management software maker also pointed out that "No downstream effect has been detected as the LDAP servers ignored improper characters." It's not immediately clear if the attacks detected by Microsoft were mere attempts to exploit the flaw or if they were ultimately successful.
On top of this, a China-based hacking group has been previously observed exploiting a critical security vulnerability affecting SolarWinds Serv-U to install malicious programs on the infected machines.
News URL
https://thehackernews.com/2022/01/microsoft-hackers-exploiting-new.html
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Clone2Leak attacks exploit Git flaws to steal credentials (source)
- New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-10 | CVE-2021-35247 | Unspecified vulnerability in Solarwinds Serv-U Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. | 5.3 |