SolarWinds‘ Serv-U controlled file transfer service has an RCE vulnerability that is being exploited. SolarWinds, which has previously been the target of a supply chain attack, has released patches to address the vulnerability.
Microsoft has provided evidence of a small number of customers that were affected by the CVE-2021-35211 zero-day issue. SolarWinds, on the other hand, does not have a precise estimate of how many customers may be affected by the vulnerability.
Serv-U versions 15.2.3 HF1 and earlier are affected by the flaw. If this vulnerability is successfully exploited, attackers will be able to run arbitrary code on the compromised system. Furthermore, the flaw allows attackers to install malicious programs as well as access, edit, or delete sensitive data. Serv-U version 15.2.3 hotfix (HF) 2 does, however, address the problem.
To Read More: cyware
For more such updates follow us on Google News ITsecuritywire News.