Skip to the main content.
Under Attack? Login
Under Attack? Login
Managed Extended Detection & Response
Layered cybersecurity controls for effective risk management and rapid response.

24/7/365 Monitoring & Alerting
Compromise Assessments
Threat Hunting
Vulnerability Management

Book MXDR Demo

Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Resources

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Company

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

1 min read

SolarWinds Serv-U RCE 0-Day Vulnerability (CVE-2021-35211)

Picture of Cyrus Robinson Cyrus Robinson Jul 13, 2021 8:44:07 AM

Cybersecurity Controls Cybersecurity Advisory

Microsoft recently informed SolarWinds about a Remote Memory Escape vulnerability that can result in Remote Code Execution in the SolarWinds Serv-U Managed File Transfer Server and Serv-U Secured FTP products. Microsoft provided SolarWinds with a Proof of Concept for the vulnerability and reported that a “single threat actor” is known to be exploiting the vulnerability “in the wild.” This RCE exploit affects all versions of Serv-U, prior to version 15.2.3 HF2. SolarWinds released a hotfix Friday, July 9, 2021, and SolarWinds recommends all customers using Serv-U install this fix immediately for the protection of your environment.

Note: Only SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP are thought to be affected by this vulnerability. Other SolarWinds products, including N-Able (formerly SolarWinds MSP), are not known to be affected by this vulnerability.


Affected Software / System

This advisory specifically applies to the following SolarWinds products:

  • Serv-U 15.2.3 HF1 and all prior Serv-U versions

 

CVE (if applicable)

  • CVE-2021-35211


Type

Serv-U Remote Memory Escape Vulnerability


Exploit Status: 

CVE-2021-35211 is now being exploited in the wild


Vulnerability Summary

Microsoft recently informed SolarWinds about a Remote Memory Escape vulnerability that can result in Remote Code Execution in the SolarWinds Serv-U Managed File Transfer Server and Serv-U Secured FTP products. Microsoft provided SolarWinds with a Proof of Concept for the vulnerability and reported that a “single threat actor” is known to be exploiting the vulnerability “in the wild.” This RCE exploit affects all versions of Serv-U, prior to version 15.2.3 HF2. SolarWinds released a hotfix Friday, July 9, 2021, and SolarWinds recommends all customers using Serv-U install this fix immediately for the protection of your environment.

Note: Only SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP are thought to be affected by this vulnerability. Other SolarWinds products, including N-Able (formerly SolarWinds MSP), are not known to be affected by this vulnerability.


Impact

Remote Code Execution: Exploitation of CVE-2021-35211 could provide threat actors with remote access (if they have already compromised valid user credentials) to vulnerable, web-exposed systems or can be used to escalate privileges and to facilitate lateral movement post-exploitation.

According to SolarWinds, “a threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system.”


Ingalls recommends the following actions:

Serv-U version 15.2.3 hotfix (HF) 2 has been released. We recommend you install these updates immediately.
Subscribe to Network Security News