skip to Main Content

Cybersecurity, serious vulnerability on SolarWinds Serv-U

Yoroi: Serious vulnerability on SolarWinds Serv-U. All versions up to 15.2.3 HF1 are involved and there have already been targeted cybercrime attacks. Update the systems now!

SolarWinds Serv-U has a serious vulnerability, identified as CVE-2021-35211. Yoroi cybersecurity experts denounce it. The flaw is caused by gaps in memory management within the “Serv-U Managed File Transfer” and “Serv-U Secure FTP” modules, which allow a remote attacker without authentication to execute arbitrary code. This condition enables significant risk scenarios, as the infrastructures in question potentially operate exposed on the internet (ftp / s and http / s). All versions of SolarWinds Serv-U up to 15.2.3 HF1 are involved and there have already been targeted cybercrime attacks to infiltrate target organizations. However, a necessary condition for exploiting the vulnerability is to enable the SSH service on the component. Without it, the criticality cannot be exploited. In addition, the developer has released ad hoc patches and updates. It is imperative to install them immediately!

Back To Top