Threat Actors Actively Exploiting SolarWinds 0-Day Vulnerability Remotely

Recently, the American IT company SolarWinds released fixes for a zero-day vulnerability in its Serv-U file transfer technology that is being actively exploited by threat actors.

So far, this 0-day vulnerability has been exploited by only a single threat actor, in attacks aimed at a limited number of victims.

The bug was discovered by Microsoft security experts and is tracked as “CVE-2021-35211.” It is a remote code execution (RCE) vulnerability, and attackers have exploited it in targeted attacks against unnamed SolarWinds customers.

Unfortunately, it is not yet possible to estimate even the approximate number of potential victims. However, SolarWinds has already shared some indicators of compromise (IOCs) associated with these attacks.

Apart from this, the cybersecurity researchers at Microsoft have stated that CVE-2021-35211 can be exploited over SSH to run malicious code on a vulnerable SolarWinds Serv-U installation.

With this access, an attacker can install and run programs, or view, modify and delete data.

Affected Products

According to the company itself, this flaw affects only:-

  • Serv-U Managed File Transfer
  • Serv-U Secure FTP

Moreover, the company has confirmed that this 0-day vulnerability does not affect any of its other products. It has affirmed that the flaw is present in Serv-U 15.2.3 HF1 and all prior Serv-U versions.

Fixed Software Release

The company has already released a fixed version of the software, listed below:-

  • Serv-U 15.2.3 HF2
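As an added triage example (not code from SolarWinds or from this article), the Python helper below parses Serv-U version strings, including the HF hotfix suffix, and flags every host below the fixed release 15.2.3 HF2 as needing the patch. The hostnames and the inventory are constructed sample data.

```python
import re

# Version boundary from the advisory: Serv-U 15.2.3 HF1 and all prior
# versions are vulnerable; 15.2.3 HF2 is the fixed release.
FIXED_VERSION = "15.2.3 HF2"

# Matches "15.2.3" or "15.2.3 HF1" (hotfix suffix is optional).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE)


def parse_servu_version(text: str) -> tuple:
    """Turn '15.2.3 HF1' into a comparable tuple (15, 2, 3, 1).

    A release with no hotfix suffix sorts below its HF1 hotfix, so the
    hotfix number defaults to 0. Unparseable input raises ValueError.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Serv-U version string: {text!r}")
    major, minor, patch, hf = m.groups()
    return (int(major), int(minor), int(patch), int(hf) if hf else 0)


def is_vulnerable(version: str) -> bool:
    """True when the version is older than the fixed release 15.2.3 HF2."""
    return parse_servu_version(version) < parse_servu_version(FIXED_VERSION)


def triage(inventory: dict) -> dict:
    """Map each host to 'patch' or 'ok' from its reported Serv-U version.

    Hosts whose version string cannot be parsed are marked 'unknown' so
    they are never silently treated as safe.
    """
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "patch" if is_vulnerable(version) else "ok"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = {
    "ftp-01.example.internal": "15.2.3 HF1",
    "ftp-02.example.internal": "15.2.3 HF2",
    "ftp-03.example.internal": "15.2.1",
    "ftp-04.example.internal": "15.2.3",
    "ftp-05.example.internal": "unknown build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```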

Neither SolarWinds nor Microsoft has reported when the attacks exploiting the vulnerability began. As a result, how many SolarWinds customers were affected, and which ones, is not yet known.

“This security vulnerability only affects Serv-U Managed File Transfer and Serv-U Secure FTP and does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.”

Are you an active user of SolarWinds Serv-U products? If so, you may be concerned. SolarWinds has asked all of its active users to log in to the Customer Portal in order to receive the security updates.

If you are not an active user but are still running a Serv-U product, the “Customer Success” team will assist you with any questions.

Here is what you have to do:-

  • First, open a customer service ticket with the subject “Serv-U Assistance.”
  • Once done, the team will contact you and help you without requiring any authorization.
  • That’s it, you are done.

Moreover, if you are unable to install the security update, simply disabling SSH on the Serv-U server will prevent the bug from being exploited. However, the company strongly recommends that all of its users install the security update as soon as possible.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.