An increase in Clop ransomware victims in the last few months has been traced back to the SolarWinds Serv-U FTP vulnerability, which is being abused by the threat actor TA505. The cybercrime threat actor TA505, also known as Hive0065, uses Clop ransomware for extortion attacks. The Serv-U vulnerability was used as an initial access technique, a departure from the group's usual phishing-based approach. We urge customers to immediately update systems running SolarWinds Serv-U software to version 15.2.3 HF2 and above.

On July 9, 2021, Microsoft informed SolarWinds of a zero-day vulnerability (CVE-2021-35211) in its Serv-U Managed File Transfer software that was being exploited in the wild. The threat campaign was attributed to a Chinese group called DEV-0322. Another Chinese APT group, SPIRAL, was also seen targeting vendors; however, it is not yet certain whether SPIRAL and DEV-0322 are related in any way.

DEV-0322 was seen using CVE-2021-35211 to launch limited and targeted attacks on organizations in the Asia-Pacific region before moving on to the US defense industrial base sector and leading companies in the North American healthcare, hospitality, education, software, and telecommunication sectors. The news of the campaign comes in the wake of a series of recent attacks by the Russian APT group Nobelium, which was involved in the SolarWinds Orion attack in December 2020.

The recently discovered vulnerability exists in the implementation of the Serv-U Secure Shell (SSH) protocol. When the Serv-U SSH service is exposed to the Internet, attackers who successfully exploit it can run arbitrary code with remote privileges, allowing them to install and run malicious code or view and change data. The issue only affects Serv-U 15.2.3 HF1 and older versions. SolarWinds released a hotfix for the zero-day immediately after the discovery, and the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on 13 July 2021 to all SolarWinds users and administrators, emphasizing the urgency of applying the necessary updates. The Chinese group DEV-0322 exploited two CVEs to gain access to the Serv-U FTP server and conduct its target-specific attacks. Here is our analysis of the vulnerabilities.

CVE-2021-35211 is a remote code execution vulnerability in the SolarWinds Serv-U product. It is classified under CWE-668 (Exposure of Resource to Wrong Sphere) as a critical vulnerability with a CVSS v3 score of 10. SolarWinds released a hotfix for the issue on the day Microsoft discovered the zero-day. The remote memory escape vulnerability allows attackers to gain privileged access to machines hosting Serv-U products.

The attackers also actively exploited an existing SolarWinds Orion API vulnerability (CVE-2020-10148) to gain initial access to a vulnerable server. CVE-2020-10148 is an authentication bypass vulnerability in the SolarWinds Orion API. Classified under two weakness enumerations, CWE-287 (Improper Authentication) and CWE-288 (Authentication Bypass Using an Alternate Path or Channel), it has a CVSS v3 score of 9.8 and is critical in severity. The vulnerability has been in use since it was last exploited in December 2020.
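As an added example (not code from the original article or from SolarWinds), here is the fleet check the advisory implies: a Python script that parses Serv-U version strings, flags any build at or below 15.2.3 HF1 as affected by CVE-2021-35211, and ranks hosts whose SSH service is reachable from the Internet first. The hostnames, versions and exposure flags in the inventory are constructed.

```python
import re
from typing import Optional

# Fixed build per the advisory: Serv-U 15.2.3 HF2. Anything older, including
# 15.2.3 HF1, is affected by CVE-2021-35211 (hotfix level orders after patch).
FIXED_VERSION = (15, 2, 3, 2)
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:HF\s*(\d+))?\s*$", re.I)

def parse_servu_version(text: str) -> Optional[tuple]:
    """'major.minor[.patch][ HFn]' -> (major, minor, patch, hf); None if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, hf = m.groups()
    return (int(major), int(minor), int(patch or 0), int(hf or 0))

def is_affected(version_text: str) -> Optional[bool]:
    """True if the build is 15.2.3 HF1 or older; None when the version can't be parsed."""
    v = parse_servu_version(version_text)
    return None if v is None else v < FIXED_VERSION

def triage(inventory):
    """Return (priority, host, version, affected) tuples, most urgent first: affected
    with SSH reachable from the Internet, then affected but internal, then unverified."""
    findings = []
    for host, version, ssh_internet_exposed in inventory:
        affected = is_affected(version)
        if affected is None:
            priority = "verify"         # version unknown; confirm on the host
        elif affected and ssh_internet_exposed:
            priority = "critical"       # exposed SSH is the remote-exploitation path
        elif affected:
            priority = "high"
        else:
            priority = "none"
        findings.append((priority, host, version, affected))
    rank = {"critical": 0, "high": 1, "verify": 2, "none": 3}
    return sorted(findings, key=lambda f: rank[f[0]])

# Constructed sample inventory: hostnames, versions and exposure flags are made up.
SAMPLE_INVENTORY = [
    ("mft-dmz-01", "15.2.3 HF1", True),
    ("mft-int-02", "15.2.2", False),
    ("mft-dmz-03", "15.2.3 HF2", True),
    ("mft-lab-04", "15.3.0", False),
    ("mft-old-05", "unknown", True),
]

if __name__ == "__main__":
    for priority, host, version, affected in triage(SAMPLE_INVENTORY):
        print(f"{priority:8} {host:12} {version:12} affected={affected}")
```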