Connect with Us!
Subscribe to receive new blog post from PureID in your mail box
SolarWinds New 0-Day: Serv-U Update
SolarWinds Serv-U, one of the leading multi-protocol file servers, reported a critical exploit marked as CVE-2024-28995. It allows unauthorised access to sensitive files. This path traversal flaw poses a significant security risk.
What is CVE-2024-28995?
CVE-2024-28995 is a path traversal vulnerability in SolarWinds Serv-U. Attackers can exploit it remotely and without authentication. It allows an attacker to send specially crafted requests to the server, potentially accessing sensitive files and data from the underlying operating system. This could include user data, server logs, and other critical files
Historical Context
SolarWinds Serv-U has been targeted before. In 2021, a zero-day vulnerability (CVE-2021-35211) was exploited by a group called Circle Typhoon. This historical precedent underscores the importance of patching vulnerabilities in managed file transfer solutions, which are prime targets for cyber criminals.
Exploitation Details
Researchers have observed both automated and manual exploitation attempts. These began after the release of proof-of-concept (PoC) exploit details on June 18, 2024. GreyNoise reported seeing active exploitation in the wild. The PoC scripts made it relatively straightforward for attackers to leverage this vulnerability, prompting urgent calls for patching
Implications for Organisations
Managed file transfer solutions are prime targets for ransomware groups. Examples include attacks on Accellion’s FTA, Fortra’s GoAnywhere MFT, and Progress Software’s MOVEit Transfer. These attacks often result in data breaches and extortion attempt.
Mitigation and Recommendations
SolarWinds released a patch to address CVE-2024-28995. Users of Serv-U FTP and MFT solutions should upgrade to version 15.4.2 HF 2 or later. Immediate patching is crucial due to the active exploitation and sensitivity of the data at risk.
Identifying Affected Systems
Tenable has developed plugins to identify vulnerable systems. These plugins are available on the CVE page for CVE-2024-28995. Organisations should use these tools to detect and remediate this vulnerability.
Enhancing Security with Passwordless Systems
To bolster security and protect against vulnerabilities like CVE-2024-28995, consider implementing passwordless authentication systems. Traditional passwords are often a weak link in cybersecurity, prone to phishing, brute force attacks, and credential stuffing. By moving to a passwordless system, you can significantly enhance the security posture of your SolarWinds Serv-U environment.
Benefits of Passwordless Authentication:
- Reduced Attack Surface
- Improved User Experience
- Enhanced Security
- Compliance and Standards
Implementing Passwordless Systems with PureAuth:
PureAuth offers a robust passwordless authentication solution that can be integrated into your existing infrastructure. By using PureAuth, you can secure your SolarWinds Serv-U environment against unauthorised access and potential vulnerabilities.
Conclusion:
CVE-2024-28995 is a serious vulnerability actively exploited in the wild. Organisations using SolarWinds Serv-U must prioritise patching to protect their systems. Enhancing security with passwordless systems is a proactive step in safeguarding your SolarWinds Serv-U environment. By implementing solutions like PureAuth, you can reduce the risk of exploitation from vulnerabilities like CVE-2024-28995 and ensure a more secure and user-friendly authentication process.