Description
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- SolarWinds / Serv-U Managed File Transfer Server and Serv-U Secured FTP: SolarWinds Serv-U ≤ 15.2.3 HF1
Exploits & PoCs
- nuclei: SolarWinds Serv-U FTP - Remote Code Execution, by pussycat0x