Back to KEVs

CVE-2021-35211

Serv-U Remote Memory Escape Vulnerability

Basic Information

CVE State
PUBLISHED
Reserved Date
June 22, 2021
Published Date
July 14, 2021
Last Updated
February 04, 2025
Vendor
SolarWinds
Product
Serv-U Managed File Transfer Server and Serv-U Secured FTP
Description
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.

CVSS Scores

CVSS v3.1

9.0 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2021-11-03 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2021-09-30 01:45:42 UTC) Source
Used in Malware
Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211 https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

BishopFox/CVE-2021-35211

Type: github • Created: 2022-01-14 05:52:17 UTC • Stars: 35

NattiSamson/Serv-U-CVE-2021-35211

Type: github • Created: 2021-09-30 01:45:42 UTC • Stars: 12

Simple Serv-U CVE-2021-35211 PoC