On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds 15.2.3 HF1 (released May 5, 2021) and all prior versions. Successful exploitation of CVE-2021-35211 could enable an attacker to gain remote code execution on a vulnerable target system. A hotfix for the vulnerability is available, and we recommend all customers of SolarWinds Serv-U FTP and Managed File Transfer install this hotfix immediately (or, at minimum, disable SSH for a temporary mitigation). The vulnerability only exists when SSH is enabled in the Serv-U environment.

SolarWinds has emphasized that CVE-2021-35211 only affects Serv-U Managed File Transfer and Serv-U Secure FTP and does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products. For further details, see SolarWinds’s advisory.

The SolarWinds advisory cites threat intelligence provided by Microsoft. According to Microsoft, a single threat actor unrelated to this year’s earlier SUNBURST intrusions has exploited the vulnerability against a limited, targeted population of SolarWinds customers. The vulnerability exists in all versions of Serv-U 15.2.3 HF1 and earlier. Though Microsoft provided a proof-of-concept exploit to SolarWinds, there are no public proofs-of-concept as of July 12, 2021.

The vulnerability appears to be in the exception handling functionality in a portion of the software related to processing connections on open sockets. Successful exploitation of the vulnerability will cause the Serv-U product to throw an exception, then will overwrite the exception handler with the attacker’s code, causing remote code execution. Since the vulnerability is in the exception handler, looking for exceptions in the DebugSocketLog.txt file may help identify exploitation attempts. Note, however, that exceptions can be thrown for many reasons and the presence of an exception in the log does not guarantee that there has been an exploitation attempt.

IP addresses used by the threat actor include: 98.176.196.89

For further information, see SolarWinds’s FAQ here. Rapid7 does not use SolarWinds Serv-U FTP products anywhere in our environment and is not affected by CVE-2021-35211.

Continuous Monitoring: Managing the Unpredictable Human Element of Cybersecurity

SolarWinds® partnered with leading government research provider Market Connections to survey 200 federal IT and IT security professionals to find out their top cybersecurity concerns and the obstacles they face when implementing IT security strategies. Download the whitepaper for an in-depth analysis of the survey, regarding data on Security Event Detection, Continuous Monitoring Implementation and return on investment, top obstacles and frustrations, and cybersecurity threats and threat sources.

SolarWinds® Federal Cybersecurity Survey Summary Report

In December 2014, Market Connections, a leading government market research provider, in conjunction with SolarWinds conducted its second annual blind survey of 200 IT and IT security decision makers in the federal government, military and intelligence communities in an effort to uncover their most critical IT security challenges and to determine how to make potential security threats visible so IT can confront them. Respondents weighed in on top cybersecurity threat sources, obstacles to threat prevention, necessary tools for threat prevention, and their concerns, investment and policies regarding cybersecurity.

Understanding the Need for Self-Hosted File Transfer Solutions

As work environments become more collaborative, organizations are transferring enormous amounts of information. During these transfers, sensitive corporate data can be exposed to unauthorized 3rd parties, especially when the file transfers occur over insecure channels, or when data gets stored on the public cloud. Learn how Serv-U® MFT Server from SolarWinds® serves as a secure alternative to the cloud-based solutions for transferring files inside and outside the enterprise.

SolarWinds offers enterprise solutions that are powerful, scalable, extensible and customizable.