CVE-2021-35211
Serv-U Remote Memory Escape Vulnerability
In short
A critical flaw in SolarWinds Serv-U allows attackers to execute arbitrary code remotely on servers running the software, potentially giving them full control of the machine. This vulnerability affects older versions of Serv-U on Windows and requires immediate patching to prevent exploitation.
Technical detail
CVE-2021-35211 is a remote code execution vulnerability (CWE-787: Out-of-bounds Write) in SolarWinds Serv-U versions before 15.2.3 HF2 on Windows. An unauthenticated remote attacker can trigger a memory escape condition to execute arbitrary code with elevated privileges on the affected host. The vulnerability has a CVSS score of 9.0, indicating critical severity; its vector specifies network access with no privileges or user interaction required, but high attack complexity.
Summary generated and translated by AI from the official description.
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Public PoCs found: 2
GitHub: github.com/NattiSamson/Serv-U-CVE-2021-35211 (★ 12)
GitHub: github.com/0xhaggis/CVE-2021-35211 (★ 1)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35211
https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211