SolarWinds has released an advisory addressing a vulnerability—CVE-2021-35211—affecting Serv-U Managed File Transfer and Serv-U Secure FTP. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Note: this vulnerability does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.
Microsoft has reported limited and targeted attacks using a 0-day exploit against this vulnerability.
CISA encourages users and administrators to review the SolarWinds advisory and install the necessary updates.
Please share your thoughts.
We recently updated our anonymous product survey; we'd welcome your feedback.