Published: August 03, 2024 on our newsletter Security Fraud News & Alerts Newsletter.
Just when you thought that perhaps we wouldn’t hear of SolarWinds again, another vulnerability is found and is being actively taken advantage of by unscrupulous attackers. In early June, SolarWinds disclosed that a new bug was found and at the same time announced that a fix was already available for it.
This flaw allows unauthenticated attackers to read arbitrary files on the host system by sending specially crafted HTTP GET requests. The vulnerability arises from improper validation of path traversal sequences, enabling attackers to bypass security checks and access sensitive files.
CVE-2024-28995 is a critical directory traversal vulnerability in SolarWinds Serv-U software. If exploited, an attacker can gain unauthorized access to sensitive information. This can potentially lead to further system compromise or enable lateral movement within the network. The vulnerability affects several versions of SolarWinds Serv-U, including Serv-U 15.4.2 hotfix 1 and previous versions, Serv-U FTP Server, Serv-U Gateway, and Serv-U MFT Server. The flaw was addressed in Serv-U 15.4.2 hotfix 2.
To mitigate this vulnerability, SolarWinds has released a patch (version 15.4.2.157) that addresses the issue. It is crucial for administrators to apply this update immediately and ensure their systems are protected against potential exploits.
The vulnerability has been actively exploited in the wild, with public proof-of-concept exploits still available, making it so easy for attackers who don’t want to figure it out for themselves. Therefore, it's imperative to take important steps to protect the network. Get the necessary patches applied and follow best practices for securing file permissions, network segmentation, and continuous monitoring to detect and prevent unauthorized access attempts.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com
Comments