An RCE vulnerability in the Serv-U managed file transfer product from SolarWinds is being actively exploited. SolarWinds, which was earlier compromised in the SUNBURST supply chain attack, has issued a hotfix to address the flaw.
What has happened?
Microsoft, which reported the flaw to SolarWinds, has provided evidence of limited, targeted attacks against customers using the zero-day tracked as CVE-2021-35211. SolarWinds, however, does not have an estimate of how many customers may have been affected.
The flaw is in the Serv-U SSH implementation and affects Serv-U version 15.2.3 HF1 and all prior versions; per the vendor advisory, it is only reachable when SSH is enabled. Successful exploitation allows a remote attacker to run arbitrary code with privileges on the vulnerable system.
From there, an attacker can install malicious programs and view, change, or delete data on the host. The flaw is addressed in Serv-U version 15.2.3 Hotfix (HF) 2.
The firm is asking administrators to look for potentially suspicious connections via SSH from the IP addresses 98[.]176[.]196[.]89 and 68[.]235[.]178[.]32, and via TCP 443 from 208[.]113[.]35[.]58.
SolarWinds stated in its advisory that this zero-day is unrelated to the SUNBURST supply chain attack, and that it does not affect any other SolarWinds products, including the Orion platform.
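The two checks above, whether an installed Serv-U build predates the 15.2.3 HF2 fix and whether the advisory's IP indicators appear in connection logs, are straightforward to script. The following is an added example written for this article, not SolarWinds' code or tooling. It assumes a generic flow-log format (`src=… spt=… dst=… dpt=…`) that is constructed here for illustration; real Serv-U or firewall logs will need their own regex, and the SSH port should be set to whatever port the Serv-U SSH listener actually uses.

```python
import re
from dataclasses import dataclass

# Indicators published in the SolarWinds advisory for CVE-2021-35211
# (defanged in the article; undefanged here so they match log text).
SSH_IOC_IPS = {"98.176.196.89", "68.235.178.32"}
TCP443_IOC_IPS = {"208.113.35.58"}

# The fix shipped in Serv-U 15.2.3 Hotfix 2; 15.2.3 HF1 and everything
# before it is affected. A missing "HF" suffix is treated as HF0.
FIXED_VERSION = (15, 2, 3, 2)

_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_version(text: str) -> tuple[int, int, int, int]:
    """Turn '15.2.3 HF1' into a comparable tuple (15, 2, 3, 1)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Serv-U version string: {text!r}")
    major, minor, patch, hf = m.groups()
    return (int(major), int(minor), int(patch), int(hf or 0))


def is_affected(version_text: str) -> bool:
    """True when the build is older than the hotfixed 15.2.3 HF2."""
    return parse_version(version_text) < FIXED_VERSION


# Assumed log format for this example only; adapt the pattern to the
# actual source (Serv-U activity log, firewall, NetFlow, etc.).
_LOG_RE = re.compile(
    r"src=(?P<src>[\d.]+)\s+spt=\d+\s+dst=[\d.]+\s+dpt=(?P<dpt>\d+)"
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    src: str
    dport: int
    reason: str


def scan_log_lines(lines, ssh_port: int = 22) -> list[Hit]:
    """Flag every connection from an advisory IoC address.

    SSH IoCs on the SSH port and the 443 IoC on port 443 match the
    advisory's wording exactly; any other contact from those addresses is
    still flagged, just with a different reason, since an IoC source on an
    unexpected port is worth a look rather than a silent pass.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        m = _LOG_RE.search(line)
        if not m:
            continue
        src, dport = m.group("src"), int(m.group("dpt"))
        if src in SSH_IOC_IPS and dport == ssh_port:
            hits.append(Hit(n, src, dport, "SSH connection from advisory IoC"))
        elif src in TCP443_IOC_IPS and dport == 443:
            hits.append(Hit(n, src, dport, "TCP/443 connection from advisory IoC"))
        elif src in SSH_IOC_IPS | TCP443_IOC_IPS:
            hits.append(Hit(n, src, dport, "advisory IoC on unexpected port"))
    return hits


# Constructed sample log lines (not real traffic) to exercise the scanner.
SAMPLE_FLOW_LOG = [
    "2021-07-09T10:15:02Z proto=tcp src=203.0.113.7 spt=51234 dst=10.0.0.5 dpt=22",
    "2021-07-09T10:15:09Z proto=tcp src=98.176.196.89 spt=40211 dst=10.0.0.5 dpt=22",
    "2021-07-09T10:16:44Z proto=tcp src=208.113.35.58 spt=58002 dst=10.0.0.5 dpt=443",
    "2021-07-09T10:17:01Z proto=tcp src=68.235.178.32 spt=44100 dst=10.0.0.5 dpt=2222",
    "2021-07-09T10:18:30Z proto=udp src=198.51.100.2 spt=5353 dst=10.0.0.5 dpt=5353",
]

if __name__ == "__main__":
    for v in ("15.2.3 HF1", "15.2.3", "15.2.3 HF2"):
        print(f"Serv-U {v}: {'AFFECTED' if is_affected(v) else 'patched'}")
    for hit in scan_log_lines(SAMPLE_FLOW_LOG):
        print(f"line {hit.line_no}: {hit.src} -> :{hit.dport} ({hit.reason})")
```

Running the script on the constructed sample flags lines 2, 3 and 4: the two connections that match the advisory's SSH and TCP/443 indicators, plus one IoC address arriving on a non-standard port. Absence of hits proves nothing if the logs were not retained for the window of exposure, so pair this with the version check and with the vendor's guidance to patch regardless.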
Recent supply chain attacks
Several supply chain attacks have come to light in recent months.
Recently, the REvil ransomware gang carried out a supply chain attack on Kaseya customers by exploiting critical vulnerabilities (CVE-2021-30116, CVE-2021-30119 and CVE-2021-30120) in its Virtual System Administrator (VSA) product.
In June, a major supply chain attack on the aviation industry was attributed to the China-linked nation-state actor APT41.
In May, Canada Post disclosed a data breach affecting 950,000 of its customers. The breach stemmed from a malware attack on one of its suppliers.
These incidents highlight how exposed modern networks are through their suppliers and software dependencies. Attackers are increasingly targeting widely deployed software to reach many victims at once. Organizations should therefore follow the recommendations of security agencies and vendors, apply fixes such as the Serv-U hotfix promptly, and review their security posture at regular intervals.