Zero-day vulnerability found in the well-known FTP server software 'Serv-U'; SolarWinds releases a patch



SolarWinds, the provider of the 'Orion Platform' that was abused in large-scale cyber attacks targeting US government agencies and private companies in 2020, reported on July 9, 2021 that a zero-day vulnerability has been discovered in its FTP server software 'Serv-U'.

SolarWinds Trust Center Security Advisories | CVE-2021-35211
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211

SolarWinds patches critical Serv-U vulnerability exploited in the wild
https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-serv-u-vulnerability-exploited-in-the-wild/

Microsoft discovers critical SolarWinds zero-day under active attack | Ars Technica
https://arstechnica.com/gadgets/2021/07/microsoft-discovers-critical-solarwinds-zero-day-under-active-attack/

In an advisory published on July 9, 2021, SolarWinds stated that it was recently notified by Microsoft of a vulnerability related to Serv-U's Secure FTP and Managed File Transfer Server, and that it has developed a fix to resolve this vulnerability. Microsoft privately notified SolarWinds and provided 'limited and targeted evidence of customer impact,' but SolarWinds states that it has not so far identified the number or identity of the customers that may have been affected. In addition, 'CVE-2021-35211' is specific to the two Serv-U products and Serv-U Gateway, a component of those two products, and it appears that other SolarWinds products such as Orion Platform are not affected.

The zero-day vulnerability 'CVE-2021-35211' discovered this time is reported to allow a malicious attacker to gain privileged access to the machine hosting the target Serv-U product and execute code remotely, making it possible to view, change, or delete data. According to SolarWinds, disabling Secure Shell (SSH) access also prevents attacks that use 'CVE-2021-35211'.

'CVE-2021-35211' affects Serv-U '15.2.3 HF1', the latest version released on May 5, 2021, and all previous versions. SolarWinds has already released the patch '15.2.3 hotfix (HF) 2' and is calling on all users to apply it. Users who have already applied '15.2.3 HF1' can apply '15.2.3 HF2' directly, but users who have not applied '15.2.3 HF1', or who are using a version earlier than '15.2.3', need to apply '15.2.3 HF1' and then '15.2.3 HF2'.

The patch '15.2.3 HF2' is available from the SolarWinds Customer Portal.

Customer Portal Login | SolarWinds
https://customerportal.solarwinds.com/



In addition, SolarWinds announced on December 13, 2020 that 'the software update of Orion Platform distributed in March and June 2020 may have been tampered with by a supply chain attack.' The attack was carried out by a hacker group supported by the Russian government. In addition to ministries and agencies such as the US Department of the Treasury, the State Department, the National Telecommunications and Information Administration, the National Institutes of Health, the Department of Energy, the Department of Homeland Security, and the National Nuclear Security Administration, it is reported that some state governments in the United States and large companies such as Microsoft, Cisco, and FireEye were also damaged.

What is the attack on SolarWinds' Orion Platform, which Microsoft's president calls 'one of the most serious cyberattacks in the last decade'? - GIGAZINE



It is also known that, separately from the Russian hacker group, a Chinese hacker group also used different vulnerabilities in the Orion Platform to deploy malware.

It is revealed that, in the shadow of the large-scale hack in which Russian government-supported hackers abused a SolarWinds product, Chinese hackers had also planted malware on the product - GIGAZINE



in Software, Web Service, Security. Posted by log1h_ik