SolarWinds confirmed that a threat actor is actively exploiting a new zero-day vulnerability in Serv-U products and urges customers to fix it.
SolarWinds addressed a zero-day remote code execution flaw in Serv-U products which is actively exploited in the wild by a single threat actor.
SolarWinds was informed of the zero-day by Microsoft, the issue affects Serv-U Managed File Transfer Server and Serv-U Secured FTP. According to Microsoft, the flaw was exploited in attacks against a limited, targeted set of customers by a single threat actor.
The flaw resides in Serv-U version 15.2.3 HF1 and all prior versions, the vendor released Serv-U version 15.2.3 hotfix (HF) 2 to fix the issue. All other SolarWinds and N-able (formerly SolarWinds MSP) are not affected by this issue, including the Orion Platform, and all Orion Platform modules.
“Microsoft reported to SolarWinds that they had discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product. Microsoft provided a proof of concept of the exploit. If exploited, a threat actor may be able to gain privileged access to the threat actor on the machine hosting Serv-U.” reads the advisory published by SolarWinds. “Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability.”
The experts pointed out that this issue is not linked to the SolarWinds supply chain attack.
Microsoft provided a proof of concept of the exploit along with evidence of the zero-day attacks.
Solarwinds released some Indicators of Compromise (IOCs) for the ongoing attacks, but it has yet to disclose full technical details of the vulnerability.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, SolarWinds)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
SolarWinds confirmed that a threat actor is actively exploiting a new zero-day vulnerability in Serv-U products and urges customers to fix it.
SolarWinds addressed a zero-day remote code execution flaw in Serv-U products which is actively exploited in the wild by a single threat actor.
SolarWinds was informed of the zero-day by Microsoft, the issue affects Serv-U Managed File Transfer Server and Serv-U Secured FTP. According to Microsoft, the flaw was exploited in attacks against a limited, targeted set of customers by a single threat actor.
The flaw resides in Serv-U version 15.2.3 HF1 and all prior versions, the vendor released Serv-U version 15.2.3 hotfix (HF) 2 to fix the issue. All other SolarWinds and N-able (formerly SolarWinds MSP) are not affected by this issue, including the Orion Platform, and all Orion Platform modules.
“Microsoft reported to SolarWinds that they had discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product. Microsoft provided a proof of concept of the exploit. If exploited, a threat actor may be able to gain privileged access to the threat actor on the machine hosting Serv-U.” reads the advisory published by SolarWinds. “Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability.”
The experts pointed out that this issue is not linked to the SolarWinds supply chain attack.
Microsoft provided a proof of concept of the exploit along with evidence of the zero-day attacks.
Solarwinds released some Indicators of Compromise (IOCs) for the ongoing attacks, but it has yet to disclose full technical details of the vulnerability.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, SolarWinds)