It ensures no data is stored in the DMZ to comply with PCI DSS and other regulatory frameworks.

Maintain regulatory compliance: Optional Serv-U Gateway add-on provides defense-in-depth security to Serv-U FTP Server deployment.

Upload and download large files quickly and easily: Enable fast and reliable large (>3GB) file transfers and folder synchronization.

Centralized file transfer management and automation: Automate file transfer management and administration tasks from a centralized web-based console.

Reliable FTP server software for secure file transfer: Building on the capabilities of the Serv-U FTP Server, the Serv-U MFT Server supports FTP, FTPS, SFTP, and HTTP/S protocols for file transfer over IPv4 and IPv6 networks.

Ad hoc file sharing to easily send and request files: Peer-to-peer file sharing simplifies sending and requesting files on an ad hoc basis.

Anywhere, anytime file transfer from web and mobile devices: Instantly transfer files using simple drag-and-drop Web and mobile interfaces.

Serv-U Managed File Transfer (MFT) Server from SolarWinds is an easy-to-use FTP server software that delivers security, automation, and centralized control for file transfers in your organization.

Rapid7 does not use SolarWinds Serv-U FTP products anywhere in our environment and is not affected by CVE-2021-35211.

For further information, see SolarWinds’s FAQ here.

Free download SolarWinds Serv-U MFT Server 15.3.2.172 full version standalone offline installer for Windows PC, SolarWinds Serv-U MFT Server Overview

Building on the capabilities of Serv-U® FTP Server, Serv-U MFT Server supports FTP, FTPS, SFTP, and HTTP/S protocols for file transfer over IPv4 and IPv6 networks.

IP addresses used by the threat actor include: 98.176.196.89

In Serv-U MFT Server, SolarWinds also provides integration with existing Active Directory and LDAP servers, execution automated actions based on triggered.
Note, however, that exceptions can be thrown for many reasons and the presence of an exception in the log does not guarantee that there has been an exploitation attempt. Since the vulnerability is in the exception handler, looking for exceptions in the DebugSocketLog.txt file may help identify exploitation attempts. Successful exploitation of the vulnerability will cause the Serv-U product to throw an exception, then will overwrite the exception handler with the attacker’s code, causing remote code execution. The vulnerability appears to be in the exception handling functionality in a portion of the software related to processing connections on open sockets.

Though Microsoft provided a proof-of-concept exploit to SolarWinds, there are no public proofs-of-concept as of July 12, 2021. The vulnerability exists in all versions of Serv-U 15.2.3 HF1 and earlier. SolarWinds Serv-U is presented by the vendor as an easy-to-use FTP or MFT server software designed to deliver security, automation, and centralized control.

According to Microsoft, a single threat actor unrelated to this year’s earlier SUNBURST intrusions has exploited the vulnerability against a limited, targeted population of SolarWinds customers. The SolarWinds advisory cites threat intelligence provided by Microsoft. Another Chinese APT group called SPIRAL was also seen targeting vendors. The threat campaign was attributed to a Chinese group called DEV-0322. For further details, see SolarWinds’s advisory.

On July 9, 2021, Microsoft informed SolarWinds of a zero-day vulnerability (CVE-2021-35211) in its Serv-U Managed File Transfer software that was being exploited in the wild. SolarWinds has emphasized that CVE-2021-35211 only affects Serv-U Managed File Transfer and Serv-U Secure FTP and does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.
The vulnerability only exists when SSH is enabled in the Serv-U environment.

A hotfix for the vulnerability is available, and we recommend all customers of SolarWinds Serv-U FTP and Managed File Transfer install this hotfix immediately (or, at minimum, disable SSH for a temporary mitigation). Successful exploitation of CVE-2021-35211 could enable an attacker to gain remote code execution on a vulnerable target system.

On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds 15.2.3 HF1 (released May 5, 2021) and all prior versions.