Cyber Forum
Log4j Vulnerability Information
Reply to thread
<blockquote data-quote="MJ Shoer" data-source="post: 2712" data-attributes="member: 3">
<h3><span style="color: rgb(250, 197, 28)">ACTIONABLE</span> <span style="color: rgb(251, 160, 38)">Severity: Medium</span> <span style="color: rgb(65, 168, 95)">TLP: Green</span> SolarWinds Serv-U Bug Exploited for Log4j Attacks</h3>
<p><strong>Tags</strong></p>
<ol>
<li data-xf-list-type="ol"><strong>Critical CVE</strong></li>
</ol>
<p>While exploitation of this vulnerability remains highly limited, it could be adopted by other threat actors. While I would normally rank this as a low severity incident, the popularity of Serv-U should be taken into consideration; hence, I would treat this as Medium. There is still some disagreement about the exploitation Microsoft observed; we will continue to update on the situation.</p>
<p>--</p>
<p><strong>Summary</strong>:</p>
<p>“SolarWinds has addressed a vulnerability in Serv-U product that threat actors actively exploited to propagate Log4j attacks to internal devices on a network” (<a href="https://securityaffairs.co/wordpress/126933/security/solarwinds-serv-u-flaw.html" target="_blank">Bleeping Computer, 2022</a>).</p>
<p>The vulnerability is tracked as CVE-2021-35247 and was discovered by Microsoft security researchers who were monitoring the Log4Shell vulnerabilities. The CVE relates to an input validation vulnerability and allows a threat actor to query input over the network without sanitation.</p>
<p>According to the advisory published by SolarWinds, the Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized.</p>
<p><strong>Analyst Comments:</strong></p>
<p>SolarWinds claims the LDAP servers will ignore improper characters, but Microsoft claims they have seen successful exploitation of the vulnerability.</p>
<p>This is not the first time Serv-U has been abused by threat actors. Back in November, Clop ransomware used CVE-2021-35211 in Serv-U to deploy ransomware. In July, the same vulnerability was abused by Chinese threat actors tracked as DEV-0322.</p>
<p>While exploitation of this vulnerability seems limited, organizations should ensure they are on Serv-U version 15.3 to prevent future exploitation.</p>
<p><strong>Mitigation</strong>:</p>
<p>SolarWinds released Serv-U 15.3 that addresses the vulnerability by performing additional validation and sanitization.</p>
<p><strong>Source</strong>:</p>
<p><a href="https://securityaffairs.co/wordpress/126933/security/solarwinds-serv-u-flaw.html" target="_blank">https://securityaffairs.co/wordpress/126933/security/solarwinds-serv-u-flaw.html</a></p>
</blockquote>
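The post above describes the fix as "additional validation and sanitization" of characters reaching the LDAP authentication path. The example below is added here to illustrate what that class of mitigation looks like in a login handler; it is not Serv-U's code, not SolarWinds' patch, and not taken from the advisory. It implements RFC 4515 filter-value escaping plus an allow-list check on the username, and contrasts the hardened builder with the raw-interpolation pattern it replaces. The attribute names (`sAMAccountName`, `objectClass=user`), the allow-list pattern, and the sample usernames are all constructed assumptions for illustration.

```python
import re

# RFC 4515 escaping: characters with special meaning inside an LDAP search
# filter value are replaced by a backslash and their two-digit hex code.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Allow-list for usernames (assumed policy for this example, not Serv-U's).
_USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def escape_ldap_filter_value(value: str) -> str:
    """Escape a value so it can be embedded in an LDAP filter literally."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def validate_username(username: str) -> bool:
    """Defence in depth: reject anything outside the expected character set."""
    return _USERNAME_RE.fullmatch(username) is not None


def build_login_filter_unsafe(username: str) -> str:
    """The pattern to avoid: the user-supplied string is interpolated raw,
    so filter metacharacters in the input become part of the filter syntax."""
    return f"(&(objectClass=user)(sAMAccountName={username}))"


def build_login_filter(username: str) -> str:
    """Hardened builder: every value is escaped before interpolation."""
    return f"(&(objectClass=user)(sAMAccountName={escape_ldap_filter_value(username)}))"


def safe_login_filter(username: str):
    """Full check a login handler would run: allow-list first, then escape.
    Returns the filter string, or None when the username is rejected."""
    if not validate_username(username):
        return None
    return build_login_filter(username)


if __name__ == "__main__":
    # Constructed sample inputs: one ordinary login and one containing
    # characters that an LDAP filter treats as syntax.
    for sample in ("alice", "a*b"):
        print(f"input={sample!r}")
        print("  unsafe :", build_login_filter_unsafe(sample))
        print("  escaped:", build_login_filter(sample))
        print("  policy :", safe_login_filter(sample))
```

Escaping alone keeps the value inert inside the filter; the allow-list on top of it means a malformed username is logged and rejected at the web tier rather than forwarded to the directory, which also gives a cleaner detection signal (failed validation events) than relying on the LDAP server to "ignore improper characters".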