June 21, 2024 at 09:21AM Threat actors are exploiting a recently patched SolarWinds Serv-U vulnerability (CVE-2024-28995) using public proof-of-concept code, as reported by GreyNoise. The vulnerability allows unauthorized access to sensitive files on the host machine. Rapid7 published a technical writeup on successfully exploiting the issue, warning of its trivial exploitability. SolarWinds customers are urged … Read more
June 21, 2024 at 05:24AM A high-severity flaw in SolarWinds Serv-U file transfer software (CVE-2024-28995, CVSS score: 8.6) allows attackers to read sensitive files. Security researcher Hussein Daher discovered the flaw, and a proof-of-concept exploit has been made available. Rapid7 described it as trivial to exploit. Users are urged to apply updates promptly to mitigate … Read more
June 20, 2024 at 11:54AM Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability using publicly available proof-of-concept exploits. The CVE-2024-28995 flaw allows unauthenticated attackers to read arbitrary files from the filesystem. SolarWinds released a fix, but public exploits are available, making it crucial for administrators to apply the security updates promptly. Based on … Read more