A remote code execution vulnerability could be exploited over the SSH protocol to run malicious code in a SolarWinds application.
American IT company SolarWinds has released fixes for a zero-day vulnerability in its Serv-U file transfer technology that is being actively exploited in attacks.
A remote code execution vulnerability (CVE-2021-35211) discovered by Microsoft can be exploited via SSH to run malicious code with elevated privileges in the SolarWinds application. An attacker who exploits it can install and run programs, and view, modify and delete data.
According to the vendor, the problem affects only the Serv-U Managed File Transfer and Serv-U Secure FTP software; the vulnerability is absent from the company's other products. In particular, it is present in Serv-U version 15.2.3 HF1, released on May 5, 2021, and in earlier versions.
Neither SolarWinds nor Microsoft has said when attacks exploiting the vulnerability began. It is unknown how many SolarWinds customers were affected, or which ones.
“If you are an active supported user of SolarWinds Serv-U products, SolarWinds asks you to log in to the Customer Portal in order to receive updates. It will take only a few minutes to deploy the update.
If you are not an active supported user but are currently using a Serv-U product, our Customer Success team will help you with all your questions. Please open a service customer ticket with the theme “Serv-U Assistance” and our team will help you (no authorization required),” SolarWinds’ notification says.