SolarWinds became the epicenter of a massive supply chain attack late last year. Recently, Microsoft discovered a remote code execution (RCE) exploit in the SolarWinds Serv-U Managed File Transfer Server and Serv-U Secured FTP. According to Microsoft, this exploit involves a limited, targeted set of customers and a single threat actor. The company has developed a hotfix to resolve this vulnerability.
Two patches for fixing CVE-2021-3521
The vulnerability ranked as CVE-2021-3521, exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor could install programs, view, change, or delete data, or run programs on the affected system after running arbitrary code with privileges. Serv-U version 15.2.3 hotfix (HF) 2 has been released.
It does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products. SolarWinds recommends its users log into their Customer Portal to access the updates. This update is expected to take only a few minutes to implement.