SolarWinds Discloses Zero-Day Under Active Attack

The company confirms this is a new vulnerability that is not related to the supply chain attack discovered in December 2020.

Dark Reading Staff, Dark Reading

July 13, 2021

1 Min Read
Dark Reading logo in a gray background | Dark Reading

SolarWinds has issued an advisory confirming a new zero-day affecting its Serv-U Managed File Transfer and Serv-U Secured FTP products. It has developed a hotfix to address the flaw.

The remote code execution vulnerability exists in the latest Serv-U version 15.2.3 HF1 released on May 5, 2021, and all prior versions, the company reported in a weekend advisory. An attacker who successfully exploited the flaw could run arbitrary code with privileges; install programs; view, change, or delete data; or run programs on the affected systems.

SolarWinds learned of the vulnerability from Microsoft, which found attackers already using it.

"Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability," SolarWinds wrote in its advisory. It is unaware of the identity of the potentially affected customers, officials noted.

This vulnerability only affects Serv-U Managed File Transfer and Serv-U Secure FTP, officials noted, and it does not affect any other SolarWinds or N-able products. The company urges Serv-U users to install the hotfix and said it will publish additional details on the flaw after giving customers time to upgrade.

Read more in SolarWinds' full advisory.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights