11:00am, 13 July 2021
TLP Rating:
Vulnerability in SolarWinds Serv-U Fileserver being Exploited
SolarWinds has released an update for an actively exploited vulnerability in their Serv-U Secured FTP and Serv-U Managed File Transfer Server software. This vulnerability only affects servers with the Serv-U SSH enabled in the environment. This vulnerability allows for remote code execution with administrative privileges, and allows an attacker to take control of the device.
What's happening
Systems affected
Systems running Serv-U 15.2.3 HF1 and earlier, including:
- Serv-U Managed File Transfer Server
- Serv-U Secured FTP
What this means
An attacker can gain control over the server running Serv-U, and use this access to manipulate data, or possibly gain access to other devices in the network.
What to look for
How to tell if you're at risk
You are at risk if your organisation runs an affected version of Serv-U and has the Serv-U SSH service enabled and accessible in the environment.
How to tell if you're affected
For further information, see the How can I tell if my environment has been compromised External Link
section of SolarWinds’ advisory.
What to do
Prevention
CERT NZ recommends that you update your Serv-U software to Serv-U 15.2.3 HF2 immediately.
Mitigation
If you are unable to update immediately, consider disabling the Serv-U SSH service until you able to apply the update.
More information
SolarWinds’ security advisory. External Link
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.