Last Updated on 22/11/2021 by Anamika
The Clop ransomware gang is reportedly breaching corporate organizations and compromising their systems, this time by exploiting a flaw in SolarWinds Serv-U.
According to BleepingComputer, the Serv-U Managed File Transfer and Serv-U Secure FTP remote code execution vulnerability, tracked as CVE-2021-35211, allows a remote threat actor to execute commands on a vulnerable server with elevated privileges.
SolarWinds has been notifying customers and users about the attacks since July 2021 and has been updating its emergency patches so that customers' data is not stolen. It has been reported that a single threat actor has been exploiting all the vulnerabilities.
The company also warned that this vulnerability only affects customers who have enabled the SSH feature, which is commonly used to further protect connections to the FTP server.
The Clop gang has been using the recent flaw for months now to spawn a sub-process, after which the affected systems are disrupted and encrypted. Although the company has worked hard to keep its software updated, and despite numerous alerts to apply the security update, many vulnerable Serv-U servers remain publicly accessible.
Also, according to BleepingComputer, it has been almost four months since SolarWinds released the security update for this vulnerability, but the percentage of potentially vulnerable Serv-U servers remains above 60%.