SolarWinds has released an emergency patch for CVE-2021-35211, an RCE vulnerability affecting its Serv-U Managed File Transfer and Serv-U Secure FTP that is currently being exploited in the wild.

“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability. SolarWinds is unaware of the identity of the potentially affected customers,” the company shared.

About CVE-2021-35211

CVE-2021-35211 was unearthed in the SolarWinds Serv-U product by Microsoft’s Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams. Microsoft has also shared a proof-of-concept exploit with SolarWinds, but no PoCs are publicly available at this time.

The vulnerability affects Serv-U 15.2.3 HF1 and all prior Serv-U versions – but does not exist if SSH is enabled for a Serv-U installation. It allows attackers to perform remote code execution and to then install programs; view, change, or delete data; or run programs on the affected system. It is not related to the SUNBURST supply chain attack.

SolarWinds said they will be publishing additional details about the vulnerability once its customers have had enough time to implement the fix. The company has shared some indicators of attack and other helpful information enterprise security teams can use to check whether their installations have been targeted.

Censys CTO Derek Abdine said they discovered over 8,000 Serv-U hosts on the internet, and also that a lot of those “present the same SSH host key fingerprint (which Serv-U exposes for SCP)”.

But, we learned that there are a ton of Serv-U hosts sharing the same SSH private/public keys, rendering encrypted key exchange over SCP useless for these hosts (think mitm). This thread has already become a monster, so I'm going to stop here and pull my thoughts into a blog post.

Microsoft has attributed these “limited and targeted attacks” to DEV-0322, which is targeting entities in the U.S. Defense Industrial Base Sector and software companies.