SolarWinds Serv-U vulnerability exploited to deliver Log4j attack

Threat Level – Red | Vulnerability Report

SolarWinds Serv-U is affected by a vulnerability (CVE-2021-35247) caused by improper input validation when processing LDAP queries in the Serv-U web login screen. Serv-U versions up to 15.2.5 are affected; the flaw is fixed in version 15.3.

A threat actor used this vulnerability to send a manipulated LDAP query containing unsanitized data, in an attempt to target Serv-U with the Log4j vulnerability. The attempt failed because Serv-U does not use Log4j code and the authentication target, LDAP (Microsoft Active Directory), is not vulnerable to Log4j attacks.
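The input validation this class of flaw lacks can be sketched as follows. This is an added example, not SolarWinds or HivePro code: it checks a submitted login name before it reaches an LDAP search filter and escapes it per RFC 4515. The filter shape, the character policy and the function names are assumptions, and the sample inputs are constructed.

```python
import re

# RFC 4515 section 3: these characters must be hex-escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumed policy: login names are short and drawn from a small character set.
_ALLOWED_NAME = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def classify_login_name(name: str) -> str:
    """Return 'ok', 'lookup-syntax' or 'bad-charset' for a submitted login name."""
    # "${" never belongs in a login name; flagging the bare prefix also covers
    # nested forms of the Log4j lookup syntax, which is worth a separate alert.
    if "${" in name:
        return "lookup-syntax"
    if not _ALLOWED_NAME.fullmatch(name):
        return "bad-charset"
    return "ok"


def build_user_filter(name: str) -> str:
    """Validate first, then escape, so the name can only ever act as a value."""
    verdict = classify_login_name(name)
    if verdict != "ok":
        raise ValueError(f"login name rejected: {verdict}")
    # Assumed filter shape for an Active Directory lookup by account name.
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(name)}))"


# Constructed sample inputs (not taken from any real log).
SAMPLES = ["alice", "bob@corp.example", "j*(smith)", "${jndi:ldap://example.invalid/a}"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:40} -> {classify_login_name(sample)}")
```

Rejections classified as `lookup-syntax` are the ones to forward to monitoring, since they indicate Log4j probing rather than a mistyped name.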

HivePro threat researchers advise customers to patch the vulnerability using the link given below.

Vulnerability Details

Patch Link

https://documentation.solarwinds.com/en/success_center/servu/content/servu-iug-upgrade.htm

References

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247

https://threatpost.com/microsoft-log4j-attackssolarwinds-serv-u-bug/177824/

https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/#CVE-2021-35247
