CVE-2021-35211 - OpenCVE

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Solarwinds	Serv-u

Configuration 1 [-]

OR	cpe:2.3:a:solarwinds:serv-u::::::::
	cpe:2.3:a:solarwinds:serv-u:15.2.3:-::::::
	cpe:2.3:a:solarwinds:serv-u:15.2.3:hotfix1::::::

References

Link	Resource
https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit	Patch Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: SolarWinds

Published: 2021-07-13T00:00:00

Updated: 2021-07-14T20:55:25

Reserved: 2021-06-22T00:00:00

Link: CVE-2021-35211

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-07-14T21:15:08.090

Modified: 2023-08-08T14:22:24.967

Link: CVE-2021-35211

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "Serv-U Managed File Transfer Server and Serv-U Secured FTP ", "vendor": "SolarWinds", "versions": [{"lessThan": "15.2.3 HF1", "status": "affected", "version": "SolarWinds Serv-U", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "SolarWinds would like to thank the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams for reporting on the issue in a responsible manner."}], "datePublic": "2021-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": " Memory Escape Vulnerability in Solarwinds Serv-U ", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-14T20:55:25", "orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211"}, {"tags": ["x_refsource_MISC"], "url": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit"}], "solutions": [{"lang": "en", "value": "SolarWinds has released a hotfix 15.2.3 HF2 It is suggested to upgrade to the latest hotfix as soon as possible "}], "source": {"defect": ["CVE-2021-35211"], "discovery": "EXTERNAL"}, "title": "Serv-U Remote Memory Escape Vulnerability", "workarounds": [{"lang": "en", "value": "SolarWinds advises to disconnect Serv-U Server from internet until patched."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@solarwinds.com", "DATE_PUBLIC": "2021-07-13T16:16:00.000Z", "ID": "CVE-2021-35211", "STATE": "PUBLIC", "TITLE": "Serv-U Remote Memory Escape Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Serv-U Managed File Transfer Server and Serv-U Secured FTP ", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_name": "SolarWinds Serv-U", "version_value": "15.2.3 HF1"}]}}]}, "vendor_name": "SolarWinds"}]}}, "credit": [{"lang": "eng", "value": "SolarWinds would like to thank the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams for reporting on the issue in a responsible manner."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": " Memory Escape Vulnerability in Solarwinds Serv-U "}]}]}, "references": {"reference_data": [{"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211", "refsource": "MISC", "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211"}, {"name": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit", "refsource": "MISC", "url": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit"}]}, "solution": [{"lang": "en", "value": "SolarWinds has released a hotfix 15.2.3 HF2 It is suggested to upgrade to the latest hotfix as soon as possible "}], "source": {"defect": ["CVE-2021-35211"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "SolarWinds advises to disconnect Serv-U Server from internet until patched."}]}}}, "cveMetadata": {"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2021-35211", "datePublished": "2021-07-13T00:00:00", "dateReserved": "2021-06-22T00:00:00", "dateUpdated": "2021-07-14T20:55:25", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"cisaActionDue": "2021-11-17", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "SolarWinds Serv-U Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*", "matchCriteriaId": "66A68531-7831-4875-B0AB-215C3E5A62B6", "versionEndExcluding": "15.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u:15.2.3:-:*:*:*:*:*:*", "matchCriteriaId": "9E8B32A1-90C1-4901-9B66-FA72E5787450", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u:15.2.3:hotfix1:*:*:*:*:*:*", "matchCriteriaId": "92569E9A-911C-4704-A962-047FF5E0E2CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability."}, {"lang": "es", "value": "Microsoft descubri\u00f3 una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota (RCE) en el producto SolarWinds Serv-U usando una Vulnerabilidad de Escape de Memoria Remota. Si es explotado, un actor de la amenaza puede ser capaz de obtener acceso privilegiado a la m\u00e1quina que aloja Serv-U solamente. SolarWinds Serv-U Managed File Transfer y Serv-U Secure FTP para Windows versiones anteriores a 15.2.3 HF2 est\u00e1n afectados por esta vulnerabilidad"}], "id": "CVE-2021-35211", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "psirt@solarwinds.com", "type": "Secondary"}]}, "published": "2021-07-14T21:15:08.090", "references": [{"source": "psirt@solarwinds.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit"}, {"source": "psirt@solarwinds.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}