SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability that was exploited in the wild by “a single threat actor” in attacks targeting a limited number of customers.
The vulnerability (tracked as CVE-2021-35211) impacts Serv-U Managed File Transfer and Serv-U Secure FTP, and it enables remote threat actors to execute arbitrary code with privileges following successful exploitation.
The bug, found by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams in the latest Serv-U 15.2.3 HF1 released in May 2021, also affects all prior versions.
SolarWinds has addressed the security vulnerability reported by Microsoft with the release of Serv-U version 15.2.3 hotfix (HF) 2.
Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability.
Software version and upgrade path:
- Serv-U 15.2.3 HF1: Apply Serv-U 15.2.3 HF2, available in your Customer Portal
- Serv-U 15.2.3: Apply Serv-U 15.2.3 HF1, then apply Serv-U 15.2.3 HF2, available in your Customer Portal
- All Serv-U versions prior to 15.2.3: Upgrade to Serv-U 15.2.3, then apply Serv-U 15.2.3 HF1, then apply Serv-U 15.2.3 HF2, available in your Customer Portal
The company added that all other SolarWinds and N-able products (including the Orion Platform and Orion Platform modules) are unaffected by CVE-2021-35211.
“SolarWinds released a hotfix Friday, July 9, 2021, and we recommend all customers using Serv-U install this fix immediately for the protection of your environment,” the US-based software firm warned.