Skip to the main content.
Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

1 min read

SolarWinds Serv-U RCE 0-Day Vulnerability (CVE-2021-35211)

Microsoft recently informed SolarWinds about a Remote Memory Escape vulnerability that can result in Remote Code Execution in the SolarWinds Serv-U Managed File Transfer Server and Serv-U Secured FTP products. Microsoft provided SolarWinds with a Proof of Concept for the vulnerability and reported that a “single threat actor” is known to be exploiting the vulnerability “in the wild.” This RCE exploit affects all versions of Serv-U, prior to version 15.2.3 HF2. SolarWinds released a hotfix Friday, July 9, 2021, and SolarWinds recommends all customers using Serv-U install this fix immediately for the protection of your environment.

Note: Only SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP are thought to be affected by this vulnerability. Other SolarWinds products, including N-Able (formerly SolarWinds MSP), are not known to be affected by this vulnerability.


Affected Software / System

This advisory specifically applies to the following SolarWinds products:

  • Serv-U 15.2.3 HF1 and all prior Serv-U versions

 

CVE (if applicable)

  • CVE-2021-35211


Type

Serv-U Remote Memory Escape Vulnerability


Exploit Status: 

CVE-2021-35211 is now being exploited in the wild


Vulnerability Summary

Microsoft recently informed SolarWinds about a Remote Memory Escape vulnerability that can result in Remote Code Execution in the SolarWinds Serv-U Managed File Transfer Server and Serv-U Secured FTP products. Microsoft provided SolarWinds with a Proof of Concept for the vulnerability and reported that a “single threat actor” is known to be exploiting the vulnerability “in the wild.” This RCE exploit affects all versions of Serv-U, prior to version 15.2.3 HF2. SolarWinds released a hotfix Friday, July 9, 2021, and SolarWinds recommends all customers using Serv-U install this fix immediately for the protection of your environment.

Note: Only SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP are thought to be affected by this vulnerability. Other SolarWinds products, including N-Able (formerly SolarWinds MSP), are not known to be affected by this vulnerability.


Impact

Remote Code Execution: Exploitation of CVE-2021-35211 could provide threat actors with remote access (if they have already compromised valid user credentials) to vulnerable, web-exposed systems or can be used to escalate privileges and to facilitate lateral movement post-exploitation.

According to SolarWinds, “a threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system.”


Ingalls recommends the following actions:

Serv-U version 15.2.3 hotfix (HF) 2 has been released. We recommend you install these updates immediately.

PrintNightmare Update (CVE-2021-34527)

PrintNightmare Update (CVE-2021-34527)

Microsoft has completed the investigation and has released security updates to address this vulnerability. It is recommended that these updates be...

Read More
Microsoft Warns Windows Users to Install an Emergency Security Patch

Microsoft Warns Windows Users to Install an Emergency Security Patch

Affected Software: Internet Explorer 11 on Windows Server 2012 R2, Internet Explorer 11 on Windows Server 2012, Internet Explorer 11 on Windows...

Read More
Log4Shell - Log4j Vulnerability (CVE-2021-44228)

Log4Shell - Log4j Vulnerability (CVE-2021-44228)

Apache Log4j2 <=2.14.1 JNDI features used in the configuration, log messages, and parameters do not protect against attacker-controlled LDAP and...

Read More