SolarWinds Serv-U vulnerability exploited to deliver Log4j attack


THREAT LEVEL: Red.


SolarWinds Serv-U is affected by a vulnerability (CVE-2021-35247) caused by improper input validation when processing LDAP queries in the Serv-U web login screen. Serv-U versions up to 15.2.5 are affected; the flaw is fixed in version 15.3.

A threat actor used this vulnerability to send a manipulated LDAP query containing unsanitized data to Serv-U in an attempt to exploit the Log4j vulnerability. The attempt failed because Serv-U does not use Log4j code and the authentication target, LDAP (Microsoft Active Directory), is not vulnerable to Log4j attacks.
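One way to validate a login name before it is placed in an LDAP filter, and to flag Log4j lookup syntax in it, shown as an added example (not SolarWinds code and not part of the original advisory). The filter template, the 256-character limit, the function names and the sample login names are assumptions made for illustration.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside an LDAP filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Log4j lookup syntax begins with "${"; a login name has no legitimate reason
# to contain it, so the bare opener is enough to flag the input.
_LOOKUP = re.compile(r"\$\{")

def escape_ldap_value(value: str) -> str:
    """Escape a user-supplied string for use as an LDAP filter assertion value."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)

def check_username(username: str) -> list[str]:
    """Return the reasons a login name should be rejected (empty list = accept)."""
    reasons = []
    if not username or len(username) > 256:  # assumed length limit
        reasons.append("length")
    if _LOOKUP.search(username):
        reasons.append("lookup-syntax")
    if any(ch in _LDAP_ESCAPES for ch in username):
        reasons.append("ldap-metachar")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in username):
        reasons.append("control-char")
    return reasons

def build_filter(username: str) -> str:
    """Build the directory lookup filter; refuse input that fails validation."""
    reasons = check_username(username)
    if reasons:
        raise ValueError("rejected login name: " + ", ".join(reasons))
    # Escaping is still applied as defence in depth (assumed Active Directory filter).
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_ldap_value(username)

# Constructed sample login names (not taken from any real log).
SAMPLES = ["alice", "bob*)(cn=*", "${jndi:ldap://example.invalid/a}", "carol\x00"]

def triage(names):
    """Map each login name to its rejection reasons, for review or alerting."""
    return {n: check_username(n) for n in names}

if __name__ == "__main__":
    for name, why in triage(SAMPLES).items():
        print(repr(name), "->", why or "ok")
```

The same `check_username` reasons can be written to the authentication log so that rejected login names containing lookup syntax are visible to monitoring.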

HivePro threat researchers advise customers to patch the vulnerability using the link given below.

Vulnerability Details

Patch Link

https://documentation.solarwinds.com/en/success_center/servu/content/servu-iug-upgrade.htm

References

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247

https://threatpost.com/microsoft-log4j-attackssolarwinds-serv-u-bug/177824/

https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/#CVE-2021-35247