Cyrus Robinson : Jul 13, 2021 12:00:00 AM
Microsoft recently informed SolarWinds about a Remote Memory Escape vulnerability that can result in Remote Code Execution in the SolarWinds Serv-U Managed File Transfer Server and Serv-U Secure FTP products. Microsoft provided SolarWinds with a Proof of Concept for the vulnerability and reported that a “single threat actor” is known to be exploiting the vulnerability “in the wild.” This RCE exploit affects all versions of Serv-U prior to version 15.2.3 HF2. SolarWinds released a hotfix on Friday, July 9, 2021, and recommends that all customers using Serv-U install this fix immediately to protect their environment.
Note: Only SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP are thought to be affected by this vulnerability. Other SolarWinds products, including N-Able (formerly SolarWinds MSP), are not known to be affected by this vulnerability.
This advisory specifically applies to the following SolarWinds products:
CVE-2021-35211 is now being exploited in the wild
Remote Code Execution: Exploitation of CVE-2021-35211 could give threat actors remote access to vulnerable, web-exposed systems (if they have already compromised valid user credentials), or could be used to escalate privileges and facilitate lateral movement post-exploitation.
According to SolarWinds, “a threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system.”
Serv-U version 15.2.3 hotfix (HF) 2 has been released. We recommend you install these updates immediately.