SolarWinds Serv-U path-traversal flaw actively exploited in attacks (June 2024)
Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept exploits.
The vulnerability arises from insufficient validation of path traversal sequences, enabling attackers to bypass security checks and access sensitive files.
Over the weekend, Rapid7 analysts published a technical write-up that provided detailed steps to exploit the directory traversal vulnerability in SolarWinds Serv-U to read arbitrary files from the affected system.
Attackers use platform-specific path traversal sequences written with incorrect slashes. These sequences bypass the security checks, and the Serv-U system later corrects the slashes, which allows unauthorized file access.
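The ordering problem described above (a check that runs before slashes are corrected) can be shown with a short added example; this is illustrative code written for this page, not Serv-U's or Rapid7's code, and `ROOT`, the function names and the sample paths are constructed assumptions using POSIX-style paths.

```python
import posixpath

ROOT = "/srv/ftp/public"  # constructed share root, not a real Serv-U path


def correct_slashes(path):
    """Late 'correction' step: rewrite backslashes as the platform separator."""
    return path.replace("\\", "/")


def resolve_flawed(requested):
    """Validate the raw string first, correct the slashes afterwards.

    The check only knows the platform's own separator, so a request written
    with the other slash passes and becomes a traversal after correction.
    """
    if "../" in requested or requested.startswith("/"):
        return None
    return posixpath.normpath(posixpath.join(ROOT, correct_slashes(requested)))


def resolve_hardened(requested):
    """Canonicalize first, then confirm the result is still inside ROOT."""
    if "\x00" in requested:
        return None
    candidate = posixpath.normpath(posixpath.join(ROOT, correct_slashes(requested)))
    # Compare against ROOT plus a separator so "/srv/ftp/public2" does not match.
    if candidate != ROOT and not candidate.startswith(ROOT + "/"):
        return None
    return candidate


# Constructed sample requests: one legitimate, three that must be refused.
SAMPLES = [
    "docs/readme.txt",
    "..\\..\\private/keys.txt",
    "../private/keys.txt",
    "..\\public2\\notes.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} flawed={resolve_flawed(sample)} "
              f"hardened={resolve_hardened(sample)}")
```

The hardened function makes its decision on the same canonical string that would be used to open the file, so no later rewriting step can change what was approved.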