Microsoft has confirmed that this vulnerability, CVE-2021-35211, allows arbitrary code execution on SolarWinds Serv-U products, and has provided a proof of concept of the exploit.
“The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system,” said the vendor.
SolarWinds has said that it is unaware of the identity of the affected customers and confirmed that no other SolarWinds/N-able products are affected by this vulnerability.
So far, SolarWinds has provided the following indicators and connections to look for in relation to this attack.
Look for connections via SSH from the following IP addresses, which have been reported as a potential indicator of attack by the threat actor:
Or look for connections via TCP 443 from the following IP address:
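The indicator addresses are not reproduced on this page, so the added example below (not SolarWinds' or Microsoft's code) uses placeholder addresses from the RFC 5737 documentation ranges to show how the two checks above can be run over connection logs. The log format, the sample lines and the function names are assumptions made for illustration.

```python
import ipaddress

# Placeholders from RFC 5737 documentation ranges; substitute the addresses
# published in the SolarWinds advisory. These are NOT the real indicators.
SSH_INDICATORS = {"192.0.2.10", "198.51.100.20"}
TCP443_INDICATORS = {"203.0.113.30"}
SSH_PORT, HTTPS_PORT = 22, 443

# Constructed sample log: "timestamp src_ip dst_port" (hypothetical format).
SAMPLE_LOG = """\
2021-07-10T02:11:09Z 192.0.2.10 22
2021-07-10T02:12:41Z ::ffff:198.51.100.20 22
2021-07-10T02:13:00Z 203.0.113.30 443
2021-07-10T02:14:17Z 203.0.113.30 22
2021-07-10T02:15:55Z 10.1.4.7 22
malformed line without fields
"""

def normalize(addr):
    """Return canonical IPv4/IPv6 text, unwrapping IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return str(ip)

def find_hits(log_text):
    """Return (timestamp, src_ip, port) for connections matching an indicator."""
    ssh = {normalize(a) for a in SSH_INDICATORS}
    https = {normalize(a) for a in TCP443_INDICATORS}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        ts, src, port = parts
        try:
            src, port = normalize(src), int(port)
        except ValueError:
            continue  # unparsable address or port
        # Each indicator list applies only to the port it was reported on.
        if (port == SSH_PORT and src in ssh) or (port == HTTPS_PORT and src in https):
            hits.append((ts, src, port))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print("indicator match:", *hit)
```

Addresses are normalized before comparison because dual-stack listeners often log IPv4 clients in IPv4-mapped IPv6 form (`::ffff:a.b.c.d`), which a plain string match would miss.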