
Attacks exploiting SolarWinds Serv-U bug underway


Vulnerable SolarWinds Serv-U devices impacted by the high-severity path traversal flaw, tracked as CVE-2024-28995, have been subjected to ongoing attacks using publicly available proof-of-concept exploits, according to BleepingComputer.

Intrusions leveraging the easily exploitable vulnerability could put 5,500 to 9,500 SolarWinds Serv-U FTP Server, Gateway, MFT Server, and File Server instances at risk of unauthorized file access and extended compromise, reported Rapid7 researchers.

Another investigation by GreyNoise, using a honeypot that mimics a vulnerable Serv-U system, revealed both manual and automated intrusion attempts that used incorrect slashes and path traversal sequences to deliver platform-specific payloads. Most attempts targeted files containing Linux user data, Serv-U FTP Server startup logs, and Windows configuration settings, which have been used to enable privilege escalation and further compromise.

Organizations have been urged to immediately remediate impacted systems with a fix issued by SolarWinds earlier this month.
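For defenders reviewing web or file-transfer access logs while patching, the sketch below flags the request patterns GreyNoise describes above: traversal sequences, mixed slash styles, and nested percent-encoding. It is an added example, not code from SolarWinds, GreyNoise, or the article; the `/download` endpoint, the `dir` and `file` parameter names, and the log lines are constructed placeholders and do not represent Serv-U's actual request format.

```python
import re
from urllib.parse import parse_qsl, unquote

# ".." as a whole path segment, delimited by either slash style.
TRAVERSAL = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode until stable; return (text, number of extra layers)."""
    rounds = 0
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def classify(target):
    """Return sorted flags for one request target (path plus query string)."""
    path, _, query = target.partition('?')
    # Both the path and each query value are decoded once here.
    fields = [unquote(path)] + [v for _, v in parse_qsl(query, keep_blank_values=True)]
    flags = set()
    for field in fields:
        text, extra_layers = decode_fully(field)
        if not TRAVERSAL.search(text):
            continue
        flags.add('traversal')
        if '/' in text and '\\' in text:
            flags.add('mixed-slashes')
        if extra_layers:
            flags.add('double-encoded')
    return sorted(flags)

def scan(lines):
    """Return {line_number: flags} for log lines that look like traversal."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        flags = classify(match.group(1)) if match else []
        if flags:
            hits[number] = flags
    return hits

# Constructed sample log lines (hypothetical endpoint and parameters).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /download?dir=/reports/&file=q2..final.pdf HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /download?dir=/../../../tmp/&file=placeholder.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /download?dir=/..%5C..%5Ctmp/&file=placeholder.txt HTTP/1.1" 200 312',
    '203.0.113.4 - - [01/Jan/2024:10:00:09 +0000] "GET /download?dir=%252e%252e%252ftmp&file=placeholder.txt HTTP/1.1" 400 0',
]
```

A hit with a 200 status deserves closer review than one that was rejected, since it suggests the server may have returned the requested file.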
