Rapid7 does not use SolarWinds Serv-U FTP products anywhere in our environment and is not affected by CVE-2021-35211. For further information, see SolarWinds’s FAQ here. IP addresses used by the threat actor include: 98.176.196.89 Similarly, we pride ourselves on implementing next generation technology, from IPv6 to native 64-bit applications, before our competition. SolarWinds Serv-U MFT Server Features Supports FTP, SFTP, FTPS, and HTTP/S protocols for transfers over IPv4 and IPv6 networks Intuitive, peer-to-peer file. Note, however, that exceptions can be thrown for many reasons and the presence of an exception in the log does not guarantee that there has been an exploitation attempt. A Future-Proof Managed File Transfer Solution In technology, examples like Google demonstrate that inexpensive does not necessarily mean inferior. Since the vulnerability is in the exception handler, looking for exceptions in the DebugSocketLog.txt file may help identify exploitation attempts. Successful exploitation of the vulnerability will cause the Serv-U product to throw an exception, then will overwrite the exception handler with the attacker’s code, causing remote code execution. The SolarWinds Serv-U File Server (Serv-U) is a multi-protocol file server capable of sending and receiving files from other networked computers through various. For example, you want and to be able to log in to Serv-U. The vulnerability appears to be in the exception handling functionality in a portion of the software related to processing connections on open sockets. First Published Date 7:09 PM Last Published Date 7:09 PM Overview You want to enable access to Serv-U for some LDAP users, but not for others. Though Microsoft provided a proof-of-concept exploit to SolarWinds, there are no public proofs-of-concept as of July 12, 2021. The vulnerability exists in all versions of Serv-U 15.2.3 HF1 and earlier.
According to Microsoft, a single threat actor unrelated to this year’s earlier SUNBURST intrusions has exploited the vulnerability against a limited, targeted population of SolarWinds customers. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters that unlike the meticulous, stealthy SolarWinds hacking campaign attributed to state-backed Russian. The SolarWinds advisory cites threat intelligence provided by Microsoft. For further details, see SolarWinds’s advisory. SolarWinds has emphasized that CVE-2021-35211 only affects Serv-U Managed File Transfer and Serv-U Secure FTP and does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products. The SolarWinds Serv-U MFT Server is an advanced Secure File Transfer Protocol (SFTP) and managed file transfer (MFT) system designed to maximize the. The vulnerability only exists when SSH is enabled in the Serv-U environment. A hotfix for the vulnerability is available, and we recommend all customers of SolarWinds Serv-U FTP and Managed File Transfer install this hotfix immediately (or, at minimum, disable SSH for a temporary mitigation). Successful exploitation of CVE-2021-35211 could enable an attacker to gain remote code execution on a vulnerable target system. government agencies, which gave Russia the ability to infect or potentially spy on 16,000 computer systems worldwide. On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds 15.2.3 HF1 (released May 5, 2021) and all prior versions. SolarWinds is shorthand for one of the most damaging hacks of U.S.