SolarWinds, known for software that monitors the availability and health of devices in many companies, is once again vulnerable, this time in Serv-U, its file transfer application.
SolarWinds has been one of the most widely deployed software products in companies for monitoring the availability and performance of their platforms. Nevertheless, in the past two years it has presented several vulnerabilities.
On January 19, Microsoft disclosed details of a security flaw in the SolarWinds Serv-U software (used for information transfer). Microsoft said malicious actors were exploiting it to launch attacks that take advantage of Log4j bugs to compromise targets.
The flaw was discovered by Microsoft security researcher Jonathan Bar when he was monitoring attacks that exploited security bugs in the Log4j library.
The vulnerability, listed by NIST as CVE-2021-35247, is described as a problem of “Input validation, which could allow attackers to create a query given some input and send that query over the unsecured network.”
The information found indicated that “Serv-U’s web login screen for LDAP authentication allowed unusual characters”; however, SolarWinds, the software vendor, noted that “no downstream effect has been detected as LDAP servers ignore incorrect characters.” It is not clear whether the attacks detected by Microsoft only attempted to exploit the flaw or were ultimately successful, so for now we advise only an upgrade. The affected versions of Serv-U are 15.2.5 or lower; the flaw has already been fixed in version 15.3.
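One way to apply the input validation the advisory describes as missing, shown as an added example (not SolarWinds' code or its fix): a login name is checked against an allowlist and escaped per RFC 4515 before it reaches an LDAP filter. The function names, the `uid` attribute, the allowlist and the sample names are assumptions made for this illustration.

```python
import re

# Assumption: an allowlist for account names such as "jsmith" or
# "j.smith@example.com"; adapt it to the directory's real naming rules.
USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._@-]{0,63}")

# RFC 4515 section 3: characters that must appear as \XX in a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def check_username(username):
    """Return (accepted, reason); call this before the name is logged or queried."""
    if not username or len(username) > 64:
        return False, "length"
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in username):
        return False, "control character"
    if "${" in username:  # lookup-style syntax has no place in an account name
        return False, "lookup syntax"
    if not USERNAME_RE.fullmatch(username):
        return False, "character outside allowlist"
    return True, "ok"


def build_user_filter(username, attribute="uid"):
    """Build the search filter only from a name that passed validation."""
    ok, reason = check_username(username)
    if not ok:
        raise ValueError("rejected login name: " + reason)
    # Escaping is kept as a second layer in case the allowlist is relaxed later.
    return "(%s=%s)" % (attribute, escape_filter_value(username))


# Constructed sample inputs, not taken from any real log or attack.
SAMPLES = ["jsmith", "j.smith@example.com", "admin)(uid=*",
           "${constructed-lookup}", "bob\x00"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name), check_username(name))
```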
Recommendations
Perform the Serv-U upgrade to version 15.3 recommended by SolarWinds.
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247
Use cases *:
– Activity tracking of a possible Zero-day Attack.
– Recognition and/or Vulnerabilities.
More information can be found in the following sources associated with the news item:
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247
- https://www.securityweek.com/solarwinds-patches-serv-u-vulnerability-propagating-log4j-attacks
- https://blog.segu-info.com.ar/2022/01/nueva-vulnerabilidad-en-solarwinds-es.html
- https://thehackernews.com/2022/01/microsoft-hackers-exploiting-new.html