Microsoft recently informed SolarWinds about a Remote Memory Escape vulnerability that can result in Remote Code Execution in the SolarWinds Serv-U Managed File Transfer Server and Serv-U Secure FTP products. Microsoft provided SolarWinds with a Proof of Concept for the vulnerability and reported that a “single threat actor” is known to be exploiting the vulnerability “in the wild.” This RCE vulnerability affects all versions of Serv-U prior to version 15.2.3 HF2. SolarWinds released a hotfix on Friday, July 9, 2021, and recommends that all customers using Serv-U install this fix immediately to protect their environments.
Note: Only SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP are thought to be affected by this vulnerability. Other SolarWinds products, including N-Able (formerly SolarWinds MSP), are not known to be affected by this vulnerability.
This advisory specifically applies to the following SolarWinds products:
CVE-2021-35211 is now being exploited in the wild
Remote Code Execution: Exploitation of CVE-2021-35211 could give threat actors remote access to vulnerable, web-exposed systems (if they have already compromised valid user credentials), or could be used to escalate privileges and facilitate lateral movement post-exploitation.
According to SolarWinds, “a threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system.”
Serv-U version 15.2.3 hotfix (HF) 2 has been released. We recommend you install this update immediately.