U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Threat actors attempted to exploit SolarWinds Serv-U bug in attacks in the wild, Microsoft warns

Security vendor SolarWinds has fixed a Serv-U vulnerability that threat actors attempted to exploit in attacks in the wild. SolarWinds has addressed a vulnerability in Serv-U products that threat actors are actively exploited in the wild. The company pointed out that all the attack attempts failed. The vulnerability, tracked as CVE-2021-35247, was discovered by Microsoft security […]

SolarWinds SolarWinds Web Help Desk

Security vendor SolarWinds has fixed a Serv-U vulnerability that threat actors attempted to exploit in attacks in the wild.

SolarWinds has addressed a vulnerability in Serv-U products that threat actors are actively exploited in the wild. The company pointed out that all the attack attempts failed.

The vulnerability, tracked as CVE-2021-35247, was discovered by Microsoft security researcher Jonathan Bar Or while monitoring attacks exploiting the vulnerabilities in the Log4j library.

The flaw is an input validation vulnerability that could allow threat actors to build a query given some input and send that query over the network without sanitation.

“During our sustained monitoring of threats taking advantage of the Log4j 2 vulnerabilities, we observed activity related to attacks being propagated via a previously undisclosed vulnerability in the SolarWinds Serv-U software. We discovered that the vulnerability, now tracked as CVE-2021-35247, is an input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation.” reads the advisory published by Microsoft.

According to the advisory published by SolarWinds, the Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized.

SolarWinds released Serv-U 15.3 that addresses the vulnerability by performing additional validation and sanitization.

“The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized,” reads the advisory published by SolarWinds. “SolarWinds has updated the input mechanism to perform additional validation and sanitization.”

The vendor pointed out that no downstream affect has been detected as the LDAP servers ignored improper characters.

In the past, other threat actors exploited Serv-U vulnerabilities to carry out malicious activities. In November, Clop ransomware gang (aka TA505, FIN11) was spotted exploiting CVE-2021-35211 SolarWinds Serv-U vulnerability to breach businesses’ infrastructures and deploy its ransomware.

In July 2021, Microsoft reported that the recent attacks against SolarWinds file transfer servers were carried out by a Chinese hacking group tracked as DEV-0322.

In July, SolarWinds addressed a zero-day remote code execution flaw (CVE-2021-35211) in Serv-U products which was actively exploited in the wild by a single threat actor.

SolarWinds was informed of the zero-day by Microsoft, the issue affects Serv-U Managed File Transfer Server and Serv-U Secured FTP. According to Microsoft, the flaw was exploited in attacks against a limited, targeted set of customers by a single threat actor.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Serv-U)

[adrotate banner=”5″]

[adrotate banner=”13″]