SolarWinds Serv-U devices vulnerable to the high-severity path traversal flaw tracked as CVE-2024-28995 have been subjected to ongoing attacks using publicly available proof-of-concept exploits, according to BleepingComputer.
Intrusions leveraging the easily exploitable vulnerability could put 5,500 to 9,500 SolarWinds Serv-U FTP Server, Gateway, MFT Server, and File Server instances at risk of unauthorized file access and extended compromise, reported Rapid7 researchers.
Another investigation by GreyNoise, using a honeypot that mimics a vulnerable Serv-U system, revealed that intrusions involved manual and automated attempts that used incorrect slashes and path traversal sequences to distribute platform-specific payloads. Most intrusions targeted files containing Linux user data, Serv-U FTP Server startup logs, and Windows configuration settings, which have been used to enable privilege escalation and further compromise.
Organizations have been urged to immediately remediate impacted systems with a fix issued by SolarWinds earlier this month.
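
One way to flag the request patterns GreyNoise describes (traversal sequences, including ones written with the wrong slash type) in web access logs. This is an added example, not code from the article, GreyNoise or SolarWinds; the parameter names `dir` and `file` and the sample request lines are constructed placeholders, not the actual Serv-U request format.

```python
import re
from urllib.parse import unquote

# A ".." path segment bounded by either slash type, a parameter "=", or string edges.
TRAVERSAL = re.compile(r"(?:^|[\\/=])\.\.(?:[\\/&]|$)")
# Separators that sit directly next to a ".." segment.
ADJACENT_SEP = re.compile(r"[\\/](?=\.\.)|(?<=\.\.)[\\/]")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences (%252e) surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_line):
    """Return the set of findings for one 'METHOD target PROTO' request line."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return {"malformed"}
    target = parts[1]
    decoded = fully_decode(target)
    findings = set()
    if TRAVERSAL.search(decoded):
        findings.add("traversal")
        if not TRAVERSAL.search(target):
            findings.add("encoded")           # only visible after decoding
        if len(set(ADJACENT_SEP.findall(decoded))) == 2:
            findings.add("mixed-separators")  # both "/" and "\" around ".."
    return findings

def scan(lines):
    """Map each suspicious request line to its findings; clean lines are omitted."""
    return {line: f for line in lines if (f := classify(line))}

# Constructed sample requests; "dir" and "file" are placeholder parameter names.
SAMPLE_REQUESTS = [
    "GET /?dir=/../../../../etc&file=passwd HTTP/1.1",
    r"GET /?dir=/..\../..\windows&file=win.ini HTTP/1.1",
    "GET /?dir=%252e%252e%252f%252e%252e%252fetc&file=passwd HTTP/1.1",
    "GET /?dir=/public&file=readme..v2.txt HTTP/1.1",
]

if __name__ == "__main__":
    for line, findings in scan(SAMPLE_REQUESTS).items():
        print(sorted(findings), line)
```

Hits from a check like this show exposure and probing only; they do not replace applying the SolarWinds fix.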