
SolarWinds Fixes Zero-Day Vulnerability Exploited in the Wild

SolarWinds has released patches for a remote code execution vulnerability in its Serv-U Managed File Transfer Server and Serv-U Secured FTP products after Microsoft notified the company of it.

Microsoft confirmed that the vulnerability, tracked as CVE-2021-35211, allows arbitrary code execution on SolarWinds Serv-U products, and provided a proof of concept of the exploit.


“The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system.” said the vendor.

SolarWinds has said that it is unaware of the identity of the affected customers and confirmed that no other SolarWinds / N-able products are affected by this vulnerability.

So far, SolarWinds has provided the following indicators and connections to look for in relation to this attack.

Indicators:

Look for connections via SSH from the following IP addresses, which have been reported as a potential indicator of attack by the threat actor:

98.176.196.89
68.235.178.32

Or look for connections via TCP 443 from the following IP address:
208.113.35.58
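
An added example (not from SolarWinds or the original post): a port-aware check of a connection log against the three indicator IPs above, which also unwraps IPv4-mapped IPv6 source addresses that a plain text search would miss. The log line format, the sample lines, the destination host 10.0.0.5 and the port mapping (SSH on 22) are assumptions constructed for illustration.

```python
import ipaddress

# Indicators as published on this page: source IP -> service the connection used.
INDICATORS = {
    "98.176.196.89": "ssh",
    "68.235.178.32": "ssh",
    "208.113.35.58": "tcp443",
}
# Assumption: ports your Serv-U host listens on for each service; adjust to your config.
SERVICE_PORTS = {"ssh": {22}, "tcp443": {443}}

def normalize(ip_text):
    """Return a canonical IP string, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(ip_text)
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped or ip)

def scan(lines):
    """Yield (line_no, src_ip, dst_port, verdict) for connections from indicator IPs.
    Assumed line format (constructed): '<timestamp> <src_ip> <dst_ip> <dst_port>'.
    verdict is 'match' when the port fits the published indicator, else 'ip-only'.
    """
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        try:
            src, port = normalize(parts[1]), int(parts[3])
        except ValueError:
            continue  # unparseable address or port
        service = INDICATORS.get(src)
        if service is None:
            continue
        verdict = "match" if port in SERVICE_PORTS[service] else "ip-only"
        yield n, src, port, verdict

# Constructed sample connection log; timestamps and 10.0.0.5 are placeholders.
SAMPLE = """\
2021-07-10T02:11:09Z 98.176.196.89 10.0.0.5 22
2021-07-10T02:12:40Z 192.0.2.44 10.0.0.5 22
2021-07-10T02:15:03Z ::ffff:68.235.178.32 10.0.0.5 22
2021-07-10T03:01:27Z 208.113.35.58 10.0.0.5 443
2021-07-10T03:05:00Z 208.113.35.58 10.0.0.5 21
garbage line
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

An "ip-only" verdict means an indicator address connected on a port other than the one reported, which is still worth reviewing.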
