CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
Summary
CISA has issued a warning that threat actors are actively exploiting a recently patched vulnerability in SolarWinds Serv-U to cause server crashes. The flaw, identified as CVE-2024-28921, allows for remote code execution if an attacker can trick a user into opening a malicious FTP link. This vulnerability has been rated as critical by SolarWinds.
IFF Assessment
The active exploitation of a critical vulnerability allowing for remote code execution and server crashes is bad news for defenders.
Severity
The vulnerability allows for remote code execution, with high impact on confidentiality, integrity, and availability, making it a critical threat.
Defender Context
Defenders should prioritize patching the CVE-2024-28921 vulnerability in SolarWinds Serv-U immediately, as it is being actively exploited. Organizations should also monitor their networks for any signs of compromise, particularly related to FTP activity and unusual server behavior, to detect and respond to potential attacks.