
Attacks exploiting SolarWinds Serv-U bug underway


Vulnerable SolarWinds Serv-U devices impacted by the high-severity path traversal flaw, tracked as CVE-2024-28995, have been subjected to ongoing attacks using publicly available proof-of-concept exploits, according to BleepingComputer.

Intrusions leveraging the easily exploitable vulnerability could put 5,500 to 9,500 SolarWinds Serv-U FTP Server, Gateway, MFT Server, and File Server instances at risk of unauthorized file access and extended compromise, reported Rapid7 researchers.

A separate investigation by GreyNoise, using a honeypot that mimics a vulnerable Serv-U system, found that intrusions involved both manual and automated attempts that used incorrect slashes and path traversal sequences to deliver platform-specific payloads. Most intrusions targeted files containing Linux user data, Serv-U FTP Server startup logs, and Windows configuration settings, which have been used to enable privilege escalation and further compromise.
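One way a defender could hunt for the request pattern GreyNoise describes (traversal sequences, including backslash and mixed-slash variants) in web access logs. This is an added example, not code from the article, GreyNoise or SolarWinds; the log format, the parameter names `dir` and `file`, and the paths are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (not captured traffic). The parameter names
# "dir" and "file" and all paths are hypothetical placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Jun/2024:10:01:02 +0000] "GET /?dir=/../../../../placeholder&file=sample.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Jun/2024:10:01:05 +0000] "GET /?dir=%5C..%5C..%5C../placeholder&file=%5Csample.txt HTTP/1.1" 200 0',
    '203.0.113.9 - - [20/Jun/2024:10:02:00 +0000] "GET /?dir=%252e%252e%252fplaceholder&file=a HTTP/1.1" 400 0',
    '192.0.2.10 - - [20/Jun/2024:10:03:00 +0000] "GET /docs/release..notes.txt HTTP/1.1" 200 1024',
    '192.0.2.10 - - [20/Jun/2024:10:03:10 +0000] "GET /login?next=/home HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_reasons(uri):
    """Return the reasons a request URI looks like a traversal attempt."""
    decoded = fully_decode(uri)
    reasons = []
    # Split on "\" as well as "/": a check that only knows "/" misses "..\".
    if '..' in re.split(r'[\\/?&=]', decoded):
        reasons.append('dot-dot segment')
    query = decoded.partition('?')[2]
    if '\\' in query and '/' in query:
        reasons.append('mixed slashes')
    return reasons

def scan(lines):
    """Return (client, uri, reasons) for each suspicious log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        reasons = traversal_reasons(m.group(2)) if m else []
        if reasons:
            hits.append((m.group(1), m.group(2), reasons))
    return hits

if __name__ == "__main__":
    for client, uri, reasons in scan(SAMPLE_LOG):
        print(client, uri, ", ".join(reasons))
```

A filename that merely contains two dots, such as `release..notes.txt`, is not flagged because the check matches whole path segments after decoding.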

Organizations have been urged to immediately remediate impacted systems with a fix issued by SolarWinds earlier this month.
