A New Critical SolarWinds Zero-Day Vulnerability Reported

Texas-based SolarWinds has issued several patches to fix a new remote code execution vulnerability in its Serv-U managed file transfer service. The bug was found several months after the massive SUNBURST supply chain attack, carried out by Russian hackers last year, that compromised hundreds of enterprises.

However, the company noted that the issue is unrelated to the SUNBURST attack and does not affect other products.

SolarWinds issued the fixes after Microsoft notified the company that a remote code execution flaw was being exploited in the wild. The flaw affects the company’s Serv-U Managed File Transfer and Serv-U Secure FTP products.

The threat actor who carried out the attack remains unknown, and it’s not clear how the attacks were carried out. Microsoft has provided details of limited, targeted customer impact due to the vulnerability. The number of impacted customers is also unknown.

“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” SolarWinds said in an advisory published Friday.

SolarWinds added it was “unaware of the identity of the potentially affected customers.”

The issue (CVE-2021-35211) affects Serv-U version 15.2.3 HF1 and earlier, and could allow an attacker to execute arbitrary code on a vulnerable system, including installing malicious programs and compromising sensitive data.

The company is warning administrators to monitor for suspicious connections over SSH or TCP 443 to certain IP addresses, which can be used to establish a connection to certain servers. Disabling SSH access is also important to prevent compromise.

SolarWinds has fixed the issue in a Serv-U version 15.2.3 hotfix (HF).
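For administrators triaging an inventory against the affected range stated above (Serv-U 15.2.3 HF1 and earlier), the following is an added example, not code from SolarWinds or from the original article. The host names, the inventory contents and the accepted version-string format are assumptions made for illustration; strings in any other format are set aside for manual review rather than guessed at.

```python
import re

# Last affected release per the article: Serv-U 15.2.3 HF1 (and everything before it).
LAST_AFFECTED = (15, 2, 3, 1)

# Assumed format: "15.2.3", "15.2.3 HF1", optionally prefixed with "Serv-U".
_VERSION_RE = re.compile(
    r"^\s*(?:Serv-U\s+)?(\d+)\.(\d+)\.(\d+)(?:\s*(?:HF|hotfix)\s*(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(text):
    """Return (major, minor, patch, hotfix) or None if the string is not understood."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_affected(text):
    """True if within the affected range, False if later, None if unparseable."""
    version = parse_version(text)
    return None if version is None else version <= LAST_AFFECTED


def triage(inventory):
    """Sort hosts into affected / not_listed / unparsed buckets."""
    report = {"affected": [], "not_listed": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        verdict = is_affected(version)
        key = "unparsed" if verdict is None else ("affected" if verdict else "not_listed")
        report[key].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ftp-edge-01": "15.2.3 HF1",
    "ftp-edge-02": "Serv-U 15.2.3 HF2",
    "sftp-dmz": "15.1.7",
    "legacy-xfer": "15.2.3.742",  # build-number format: left for manual review
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `unparsed` bucket should be checked by hand, since a build-number string alone does not say which hotfix is installed.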

About the author

CIM Team