SolarWinds has released patches for a remote code execution vulnerability in its Serv-U Managed File Transfer Server and Serv-U Secured FTP products after Microsoft notified the company of it.

Microsoft confirmed that the vulnerability, tracked as CVE-2021-35211, makes arbitrary code execution possible on SolarWinds Serv-U products, and provided a proof of concept of the exploit.


“The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system,” said the vendor.

SolarWinds has said that it is unaware of the identity of the affected customers and confirmed that no other SolarWinds / N-able products are affected by this vulnerability.

So far, SolarWinds has provided the following indicators and connections to look for in relation to this attack.


Look for connections via SSH from the following IP addresses, which have been reported as a potential indicator of attack by the threat actor:

Or, look for connections via TCP 443 from the following IP address:
