I. Overview

SolarWinds released a security notice disclosing a remote code execution vulnerability (CVE-2021-35211) in Serv-U Managed File Transfer Server and Serv-U Secured FTP. Attackers can exploit this vulnerability to run arbitrary code with privileges; install programs; view, modify, or delete data; and run programs on the affected system. This vulnerability has been exploited by attackers and the risk is high.

SolarWinds Serv-U is a widely used FTP server software. If you are a SolarWinds Serv-U user, check your system and implement timely security hardening.

Reference: https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Affected versions:

SolarWinds Serv-U 15.2.3 HF1 and earlier versions

Secure version:

SolarWinds Serv-U 15.2.3 HF2

IV. Security Recommendations

This vulnerability has been fixed in newly released versions. If your service version falls into the affected range, upgrade it to a latest secure version.

https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-2-3-HotFix-2

If the upgrade cannot be performed, disable the SSH function.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.