Zero-Day Vulnerability in SolarWinds Serv-U (CVE-2021-35211)

SolarWinds has released a security update to address a zero-day vulnerability (CVE-2021-35211) in their Serv-U Managed File Transfer and Serv-U Secure File Transfer Protocol (FTP) products. There are reports that the vulnerability is being exploited in the wild.

The vulnerability exists in the latest Serv-U version 15.2.3 hotfix (HF) 1 released 5 May 2021, and all prior versions. It only affects servers with Secure Shell (SSH) enabled.

Successful exploitation of the vulnerability could allow an attacker to run arbitrary code, view/change/delete data, or run programs on the affected system.

SolarWinds has released Serv-U version 15.2.3 HF2 to address the vulnerability.

Administrators and users of the affected products are advised to install the hotfix immediately. They are also encouraged to check if their environment has been compromised, by referring to the FAQ section in SolarWinds’ Security Advisory [1].

More information is available here:
[1] https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211

[2] https://www.zdnet.com/article/solarwinds-releases-security-advisory-after-microsoft-says-customer-targeted-through-vulnerability/

[3] https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-serv-u-vulnerability-exploited-in-the-wild/