Texas-based SolarWinds has issued several patches to fix a new remote code execution vulnerability in its Serv-U managed file transfer service. The bug was found several months after the massive SUNBURST supply chain attack, carried out by Russian hackers last year, that compromised hundreds of enterprises.
However, the company noted that the issue is unrelated to the SUNBURST attack and does not affect other products.
SolarWinds issued the fixes after Microsoft notified the company that a remote exploitation flaw was being exploited in the wild. The bugs pertain to the company’s Serv-U Managed File Transfer and Serv-U Secure FTP products.
The threat actor who carried out the attack remains unknown, and it’s not clear how the attacks were carried out. Microsoft has provided details of limited, targeted customer impact due to the vulnerability. The number of impacted customers is also unknown.
“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” SolarWinds said in an advisory published Friday.
SolarWinds added it was “unaware of the identity of the potentially affected customers.”
The issue (CVE-2021-35211) affects Serv-U version 15.2.3 HF1 and earlier, and could allow an attacker to execute arbitrary code on a vulnerable system, including installing malicious programs and compromising sensitive data.
The company is warning administrators to monitor for suspicious connections via SSH or TCP 443 to certain IP addresses. These addresses can be used to establish a connection to certain servers. Administrators can also help prevent compromise by disabling SSH access.
SolarWinds has fixed the issue in Serv-U version 15.2.3 hotfix (HF).
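As an added example (not from SolarWinds or the original article), the following Python sketch triages a Serv-U inventory against the affected range stated above, 15.2.3 HF1 and earlier, and ranks hosts with SSH enabled first. The inventory layout, hostnames, status labels and the "major.minor.patch HF<n>" version format are assumptions.

```python
import re
from typing import Optional

# Last affected release per the article: "15.2.3 HF1 and before".
LAST_AFFECTED = (15, 2, 3, 1)

# Assumed version format: "major.minor.patch" with an optional " HF<n>" suffix.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Optional[tuple]:
    """Turn '15.2.3 HF1' into (15, 2, 3, 1); no HF suffix counts as hotfix 0."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def triage(inventory):
    """Classify rows of (host, version_string, ssh_enabled) as (host, status)."""
    findings = []
    for host, version, ssh_enabled in inventory:
        parsed = parse_version(version)
        if parsed is None:
            status = "unknown-version"        # never treat unparseable as safe
        elif parsed > LAST_AFFECTED:
            status = "not-in-affected-range"  # later than 15.2.3 HF1
        elif ssh_enabled:
            status = "affected-ssh-enabled"   # patch these first
        else:
            status = "affected-ssh-disabled"  # still needs the fix
        findings.append((host, status))
    return findings


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE = [
    ("ftp-01.example.internal", "15.2.3 hf1", True),
    ("ftp-02.example.internal", "15.2.2", False),
    ("ftp-03.example.internal", "15.3.0", True),
    ("ftp-04.example.internal", "n/a", True),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host:26} {status}")
```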