SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately

Summary:
A critical vulnerability (CVE-2024-28995) in SolarWinds Serv-U file transfer software, affecting versions up to and including Serv-U 15.4.2 HF 1, allows attackers to perform directory traversal and access sensitive files on the host machine. The flaw was discovered by security researcher Hussein Daher and has been actively exploited in the wild. SolarWinds released a patch (Serv-U 15.4.2 HF 2) to address the issue. Cybersecurity experts warn that the vulnerability is easy to exploit and could lead to data exfiltration and subsequent attacks, including by ransomware groups. Users are advised to update their software promptly to mitigate risks associated with this vulnerability.


Security Officer Comments:
The vulnerability is actively exploited by malicious actors, as confirmed by reports from cybersecurity firms and threat intelligence sources. This suggests that attackers are aware of the flaw and are leveraging it for malicious purposes, including data theft and potential system compromise. CVE-2024-28995 presents a serious security threat due to its active exploitation, ease of exploitation, and potential for significant impact on affected systems. Timely patching and heightened cybersecurity measures are essential to protect organizations from potential exploitation and data loss.


Suggested Corrections:
  • Security experts emphasize the critical need for organizations using SolarWinds Serv-U software to update to the latest patched version (15.4.2 HF 2) immediately.
  • Prompt patching is crucial to mitigate the risk of exploitation and safeguard against potential financial, operational, and reputational damages associated with data breaches and cyber attacks.

Affected Products and Versions:
All versions of Serv-U software up to and including 15.4.2 HF 1 are vulnerable. SolarWinds addressed the issue with a patch in version 15.4.2 HF 2 (15.4.2.157), released recently to mitigate the risk. Products such as Serv-U FTP Server, Gateway, MFT Server, and File Server are confirmed to be susceptible.
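
To apply the version boundary above across an asset inventory, the following added example (not SolarWinds code and not part of the original advisory) classifies Serv-U version strings written either as hotfix labels or as dotted builds. The hostnames and inventory are constructed, and treating releases later than 15.4.2 as patched is an assumption.

```python
import re

# Fixed release per the advisory: Serv-U 15.4.2 HF 2, build 15.4.2.157.
FIXED_BUILD = (15, 4, 2, 157)
FIXED_BASE, FIXED_HOTFIX = (15, 4, 2), 2

_BUILD = re.compile(r"^\s*(?:Serv-U\s+)?(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$", re.I)
_HOTFIX = re.compile(
    r"^\s*(?:Serv-U\s+)?(\d+)\.(\d+)\.(\d+)(?:\s+HF\s*(\d+))?\s*$", re.I)

def classify(version):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    m = _BUILD.match(version)
    if m:  # dotted four-part build, e.g. 15.4.2.157
        build = tuple(int(x) for x in m.groups())
        return "patched" if build >= FIXED_BUILD else "vulnerable"
    m = _HOTFIX.match(version)
    if m:  # release with optional hotfix label, e.g. 15.4.2 HF 1
        base = tuple(int(x) for x in m.group(1, 2, 3))
        hotfix = int(m.group(4) or 0)  # no label means no hotfix applied
        if base != FIXED_BASE:
            # Assumption: releases after 15.4.2 carry the fix.
            return "patched" if base > FIXED_BASE else "vulnerable"
        return "patched" if hotfix >= FIXED_HOTFIX else "vulnerable"
    return "unknown"  # unparseable: send to manual review, never assume safe

def triage(inventory):
    """Group hosts by status so unknowns are reviewed alongside vulnerable ones."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report

# Constructed sample inventory (hostname -> reported Serv-U version).
SAMPLE_INVENTORY = {
    "ftp01.example.internal": "Serv-U 15.4.2 HF 1",
    "ftp02.example.internal": "15.4.2.157",
    "mft01.example.internal": "15.4.2 HF 2",
    "gw01.example.internal": "15.3.1",
    "legacy.example.internal": "version not reported",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in "unknown" should have their version confirmed on the system itself before being closed out.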

Link(s):
https://thehackernews.com/2024/06/solarwinds-serv-u-vulnerability-under.html