{"id":2481,"date":"2021-07-13T13:04:17","date_gmt":"2021-07-13T07:34:17","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=2481"},"modified":"2021-07-13T13:04:19","modified_gmt":"2021-07-13T07:34:19","slug":"solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/","title":{"rendered":"SolarWinds patches sensitive Serv-U Vulnerability used in the Wild"},"content":{"rendered":"\n
SolarWinds, the Texas-based organization that becomes the focal point of an enormous supply chain attack late last year is now insisting customers patch a Serv-U remote code execution vulnerability used in the wild by \u201ca sing threat actor\u201d in attacks targeting limited numbers of customers.<\/p><\/p>\n\n\n\n
\u201cMicrosoft has given an evidence of defined, targeted customer\u2019s impact, though SolarWinds does not currently have the measure of how many customers may be directly affected by the vulnerability,\u201d the company said in an advisory published on Friday.<\/p><\/p>\n\n\n\n
\u201cTo the best of our consideration, no other SolarWinds products have been affected by this vulnerability. SolarWinds is unaware of the identification of the potentially affected customers.\u201d<\/p><\/p>\n\n\n\n
Following are the Only Impacts Servers with SSH Enabled<\/strong><\/h2>\n\n\n\n
The 0-day vulnerability (named as CVE-2021-35211<\/strong>) impacts Serv-U Managed File Transfer and Serv-U Secure FTP, and it facilitates remote threat actors to run arbitrary code with advantages following successful exploitation. <\/p><\/p>\n\n\n\n
According to SolarWinds, \u201cif SSH is not enabled in the surrounding, the vulnerability does not exist.\u201d<\/p><\/p>\n\n\n\n
The error discovered by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams in the latest Serv-U 15.2.3 HF1 released in May 2021 also harms all prior versions.<\/p><\/p>\n\n\n\n
SolarWinds has addressed the security vulnerability announced by Microsoft with the release of Serv-U version 15.2.3 hotfix (HF) 2. Below are some software versions with their upgrade paths:<\/p><\/p>\n\n\n\n
Serv-U 15.2.3 HF1 \u2013 <\/strong>Apply Serv-U HF2, available in your Customer Portal<\/li>
Serv-U 15.2.3 \u2013 <\/strong>Apply Serv-U 15.2.3 HF1, then apply Serv-U 15.2.3 HF2, available in the Customer Portal<\/li>
All Serv-U versions Before 15.2.3 \u2013<\/strong> Upgrade to Serv-U 15.2.3, then implement Serv-U 15.2.3 HF1, then apply Serve-U 15.2.3 HF2, available in the Customer Portal<\/li><\/ul>\n\n\n\n
The company further stated that all the other SolarWinds and N-able products (including the various platforms like Orion Platform modules) are unaffected by CVE-2021-35211.<\/p><\/p>\n\n\n\n
The US-based software firm alerted about the \u201cSolarWinds released a hotfix Friday, July 9, 2021 and we suggest all the customers using Serv-U install this fix immediately for the security purpose of your system\u2019s environment.\u201d<\/p><\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n
Additionally, SolarWinds provides information on how do you know that your environment was negotiated during the attacks Microsoft reported.<\/p><\/p>\n\n\n\n
Customers can also request more data by launching a customer services ticket with the subject \u201cServ-U Assistance.\u201d<\/p><\/p>\n\n\n\n
What is SolarWinds Orion supply-chain Attack?<\/strong><\/h2>\n\n\n\n
The previous year, SolarWinds revealed a supply-chain attack regulated by the Russian Foreign Intelligence Service.<\/p><\/p>\n\n\n\n
The threat actors hijack over the company\u2019s internal system and malware the Orion Software Platform source code and generate released between March 2020 and June 2020.<\/p><\/p>\n\n\n\n
The Trojan builds were later utilized to transmit a backdoor tracked as Sunburst to \u201chardly 18,000,\u201d but, fortunately, the attackers only picked an extensively lower number of targets for second-stage exploitation.<\/p><\/p>\n\n\n\n
At the same time when the attack was disclosed, SolarWind\u2019s list of around 300,000 users across the world included more than 425 US Fortune 500 organizations, all top ten US telecom companies, and a long list of government agencies, including the US Military, the US Pentagon, the State Department of Justice, and the Office of the President of the US.<\/p><\/p>\n\n\n\n
Various US government firms confirmed that they were hijacked in the SolarWinds supply chain attack, with the list consist of:<\/p><\/p>\n\n\n\n
The National Telecommunication and Information Administrations (NTIA)<\/li>
The Department of Homeland Security (DHS)<\/li>
The Department of the Treasury<\/li>
The Department of State<\/li>
The Department of Energy (DOE)<\/li>
The National Nuclear Security Administration (NNSA)<\/li>
The National Institutes of Health (NIH) (part of the U.S. Department of Health)<\/li><\/ul>\n\n\n\n
In March, SolarWinds noted expenses of $3.5 million from the previous year\u2019s supply chain attack, consisting up of the costs related to remediation and the incident researches.<\/p><\/p>\n\n\n\n
Even though $3.5 million doesn\u2019t even seem too much compared to the aftermath of the SolarWinds supply-chain attack, the provoke expenses reported so long were recorded only till December 2020, with high additional costs being expected throughout the consecutive financial time.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"
SolarWinds, the Texas-based organization that becomes the focal point of an enormous supply chain attack late last year is now insisting customers patch a Serv-U remote code execution vulnerability used in the wild by \u201ca sing threat actor\u201d in attacks targeting limited numbers of customers. \u201cMicrosoft has given an evidence of defined, targeted customer\u2019s impact, […]<\/p>\n","protected":false},"author":2,"featured_media":2484,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"\n
SolarWinds patches sensitive Serv-U Vulnerability used in the Wild - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SolarWinds patches sensitive Serv-U Vulnerability used in the Wild - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"SolarWinds, the Texas-based organization that becomes the focal point of an enormous supply chain attack late last year is now insisting customers patch a Serv-U remote code execution vulnerability used in the wild by \u201ca sing threat actor\u201d in attacks targeting limited numbers of customers. \u201cMicrosoft has given an evidence of defined, targeted customer\u2019s impact, […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-13T07:34:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-13T07:34:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/SolarWinds-patches-sensitive-Serv-U-Vulnerability-used-in-the-Wild-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"SolarWinds patches sensitive Serv-U Vulnerability used in the Wild\",\"datePublished\":\"2021-07-13T07:34:17+00:00\",\"dateModified\":\"2021-07-13T07:34:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/\"},\"wordCount\":641,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/\",\"url\":\"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/\",\"name\":\"SolarWinds patches sensitive Serv-U Vulnerability used in the Wild - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-07-13T07:34:17+00:00\",\"dateModified\":\"2021-07-13T07:34:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SolarWinds patches sensitive Serv-U Vulnerability used in the Wild\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SolarWinds patches sensitive Serv-U Vulnerability used in the Wild - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/","og_locale":"en_US","og_type":"article","og_title":"SolarWinds patches sensitive Serv-U Vulnerability used in the Wild - Xiarch Solutions Private Limited","og_description":"SolarWinds, the Texas-based organization that becomes the focal point of an enormous supply chain attack late last year is now insisting customers patch a Serv-U remote code execution vulnerability used in the wild by \u201ca sing threat actor\u201d in attacks targeting limited numbers of customers. \u201cMicrosoft has given an evidence of defined, targeted customer\u2019s impact, […]","og_url":"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-07-13T07:34:17+00:00","article_modified_time":"2021-07-13T07:34:19+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/SolarWinds-patches-sensitive-Serv-U-Vulnerability-used-in-the-Wild-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"SolarWinds patches sensitive Serv-U Vulnerability used in the Wild","datePublished":"2021-07-13T07:34:17+00:00","dateModified":"2021-07-13T07:34:19+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/"},"wordCount":641,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/","url":"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/","name":"SolarWinds patches sensitive Serv-U Vulnerability used in the Wild - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-07-13T07:34:17+00:00","dateModified":"2021-07-13T07:34:19+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/solarwinds-patches-sensitive-serv-u-vulnerability-used-in-the-wild\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"SolarWinds patches sensitive Serv-U Vulnerability used in the Wild"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2481"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=2481"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2481\/revisions"}],"predecessor-version":[{"id":2485,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2481\/revisions\/2485"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/2484"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=2481"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=2481"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=2481"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"SolarWinds-patches-sensitive-Serv-U-Vulnerability-used-in-the-Wild-image1\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/SolarWinds-patches-sensitive-Serv-U-Vulnerability-used-in-the-Wild-image1-300x274.png\")
<\/figure><\/div>\n\n\n\n