Software company SolarWinds released a security advisory summary on July 9th that says Microsoft notified them of a previously unknown security vulnerability related to Serv-U Manager File Transfer Server and Serv-U Secured FTP. Microsoft’s research says the exploit “involves a limited, targeted set of customers and a single threat actor.” SolarWinds says that they do not have an estimate of how many customers may be directly affected by the vulnerability nor are they aware of the identities of the potentially affected customers.
If the remote code execution (RCE) vulnerability is exploited, a threat actor can run arbitrary code with privileges to make changes such as install programs; view, change or delete data; and or run programs on the affected system. SolarWinds notes that the new vulnerability is NOT related to the SUNBURST supply chain attack. The advisory stated that “additional details of the vulnerability will be published after giving customers sufficient time to upgrade for the protection of their environments.”
The only products known to be affected by this vulnerability are Serv-U Manager File Transfer Server and Serv-U Secured FTP, as well as Serv-U Gateway as it is a component of those two products. If a SolarWinds customer does not have SSH enabled in their Serv-U environment, the vulnerability cannot be exploited in that instance. SolarWinds has released a hotfix (HF) since this vulnerability was discovered, and it is recommended that anyone using these products install Serv-U version 15.2.3 HF2 immediately and to check their SolarWinds “Customer Portal” for updates.