Vulnerability in SolarWinds Serv-U Fileserver being Exploited
SolarWinds has released an update for an actively exploited vulnerability in their Serv-U Secured FTP and Serv-U Managed File Transfer Server software. This vulnerability only affects servers with the Serv-U SSH enabled in the environment. This vulnerability allows for remote code execution with administrative privileges, and allows an attacker to take control of the device.
Systems running Serv-U 15.2.3 HF1 and earlier, including:
- Serv-U Managed File Transfer Server
- Serv-U Secured FTP
What this means
An attacker can gain control over the server running Serv-U, and use this access to manipulate data, or possibly gain access to other devices in the network.
What to look for
How to tell if you're at risk
You are at risk if your organisation runs an affected version of Serv-U and has the Serv-U SSH service enabled and accessible in the environment.
How to tell if you're affected
For further information, see the How can I tell if my environment has been compromised External Link section of SolarWinds’ advisory.
What to do
CERT NZ recommends that you update your Serv-U software to Serv-U 15.2.3 HF2 immediately.
If you are unable to update immediately, consider disabling the Serv-U SSH service until you able to apply the update.