High Severity Vulnerability in SolarWinds Serv-U (CVE-2024-28995)

On June 5th, SolarWinds disclosed a vulnerability in their file transfer application Serv-U. The vulnerability is a directory traversal vulnerability that would allow an attacker to read sensitive files on the target machine.

Executive Summary

On June 5th, SolarWinds disclosed a vulnerability in their file transfer application Serv-U. The vulnerability is being tracked as CVE-2024-28995 and is a directory traversal vulnerability that would allow an attacker to read sensitive files on the target machine.

This vulnerability was discovered by third-party security researcher Hussein Daher and affects SolarWinds Serv-U 15.4.2 HF 1 and previous versions. SolarWinds released a patch with their advisory found here. Successful exploitation of this vulnerability could lead to further compromise of the system or lateral movement within the network. Third-party security firm Feedly further reported that this vulnerability would allow a remote attacker to gain unauthorized access to sensitive information stored on the server, such as credentials, configuration files, or other sensitive data. We expect financially motivated threat actors will study the patch to develop and deploy weaponized exploits in the coming days.

Given these factors, Lodestone believes immediate deployment of the software patches released by SolarWinds is crucial.

Affected Systems / Products

The vulnerability affects the following SolarWinds products:

  • Products
    • Serv-U FTP Server
    • Serv-U Gateway
    • Serv-U MFT Server
  • Versions
    • All Versions Up to 15.4.2 HF 1
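
To triage an asset inventory against the affected range above, the following added example (not code from SolarWinds or Lodestone) classifies Serv-U version strings. The hostnames and version strings are constructed, the function names are hypothetical, and it assumes releases later than 15.4.2 HF 1 carry the fix.

```python
import re

# Last affected release named in the advisory; earlier releases are affected too.
LAST_AFFECTED = ((15, 4, 2), 1)  # 15.4.2 HF 1

# Accepts "15.4.2 HF 1", "15.4.2 Hotfix 2", "v15.4.2 (HF2)", "15.3.1", "15.4".
VERSION_RE = re.compile(
    r"(\d+)\.(\d+)(?:\.(\d+))?(?:[\s(_-]*(?:HF|Hotfix)[\s_-]*(\d+))?",
    re.IGNORECASE,
)


def parse_version(text):
    """Return ((major, minor, patch), hotfix) or None when no version is found."""
    m = VERSION_RE.search(text or "")
    if m is None:
        return None
    major, minor, patch, hotfix = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch), hotfix


def classify(version_text):
    """'affected' up to 15.4.2 HF 1, 'patched' above it, 'review' if unparseable."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "review"
    # A missing hotfix token counts as hotfix 0, so a bare "15.4.2" fails closed.
    return "affected" if parsed <= LAST_AFFECTED else "patched"


def triage(inventory):
    """Map each host to its status for a list of (host, version_text) pairs."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory; hostnames and version strings are illustrative.
SAMPLE_INVENTORY = [
    ("sftp-edge-01", "Serv-U MFT Server 15.4.2 HF 1"),
    ("sftp-edge-02", "15.4.2 Hotfix 2"),
    ("ftp-legacy", "15.3.1"),
    ("gw-dmz", "Serv-U Gateway 15.4.2"),
    ("ftp-lab", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Hosts reported as "review" have no parseable version and need a manual check of the installed build.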

Patches

SolarWinds provided software patches at the time of disclosure. Users with supported versions of Serv-U can download SolarWinds’s Hotfix update patches here and apply them as follows:

  1. Shut down all running Serv-U processes.
    1. Right-click the tray icon and select Stop Serv-U.
    2. Right-click the tray icon and select Exit Tray.
  2. Replace the following files and folders with the ones you backed up during installation:
    1. In Windows OS:
      1. <Serv-U-InstallDir>\Serv-U.exe
      2. <Serv-U-InstallDir>\Serv-U-Tray.exe
      3. <Serv-U-InstallDir>\Serv-U.dll
      4. <Serv-U-InstallDir>\Serv-U-RES.dll
      5. <Serv-U-InstallDir>\RhinoNET.dll
      6. <Serv-U-InstallDir>\RhinoRES.dll
    2. In Linux OS:
      1. <Serv-U-InstallDir>/Serv-U
  3. Extract the hotfix archive to a temporary location.
  4. Open the folder for the platform on which Serv-U is installed.
  5. On Linux, modify the permissions of the file by executing the following command:
    1. chmod u+xs Serv-U
  6. Copy the contents of this folder to your Serv-U installation directory.
  7. Start the Serv-U Tray application.
  8. Right-click the Serv-U Tray icon and select Start Serv-U.

How Lodestone is Responding

Lodestone is monitoring client perimeter devices discovered by Karma to identify potentially impacted devices and support organizations in remediation of any issues found.

Sources

SolarWinds provided software patches at the time of disclosure. Users with supported versions of Serv-U can download SolarWinds’s Hotfix update patches here: https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-4-2-Hotfix-2-Release-Notes
