Recent SolarWinds Serv-U Vulnerability Exploited in the Wild

June 21, 2024 at 09:21AM Threat actors are exploiting a recently patched SolarWinds Serv-U vulnerability (CVE-2024-28995) using public proof-of-concept code, as reported by GreyNoise. The vulnerability allows unauthorized access to sensitive files on the host machine. Rapid7 published a technical writeup on successfully exploiting the issue, warning of its trivial exploitability. SolarWinds customers are urged … Read more

SolarWinds Serv-U Vulnerability Under Active Attack – Patch Immediately

June 21, 2024 at 05:24AM A high-severity flaw in SolarWinds Serv-U file transfer software (CVE-2024-28995, CVSS score: 8.6) allows attackers to read sensitive files. Security researcher Hussein Daher discovered the flaw, and a proof-of-concept exploit has been made available. Rapid7 described it as trivial to exploit. Users are urged to apply updates promptly to mitigate … Read more

SolarWinds Serv-U path-traversal flaw actively exploited in attacks

June 20, 2024 at 11:54AM Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability using publicly available proof-of-concept exploits. The CVE-2024-28995 flaw allows unauthenticated attackers to read arbitrary files from the filesystem. SolarWinds released a fix, but public exploits are available, making it crucial for administrators to apply the security updates promptly. Based on … Read more

SolarWinds Patches High-Severity Vulnerability Reported by NATO Pentester

June 7, 2024 at 07:00AM SolarWinds released patches for high-severity vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a NATO pentester. Version 2024.2 includes fixes for three security defects and multiple bugs in third-party components. The vulnerabilities impact SolarWinds Platform 2024.1 SR 1 and previous versions. Users are urged to update … Read more