Critical SolarWinds Serv-U flaws offer root access to servers

SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers.

BleepingComputer

Security researchers reveal they have observed #activeexploitation against a vulnerability in #SolarWinds #ServU

The vulnerability is tracked as CVE-2024-28995, and when exploited, allows an attacker to read sensitive files on the system. Researchers have released proof-of-concept exploits, and widespread exploitation came soon after.

Administrators are advised to patch ASAP.

#cybersecurity

https://www.bleepingcomputer.com/news/security/solarwinds-serv-u-path-traversal-flaw-actively-exploited-in-attacks/

SolarWinds Serv-U path-traversal flaw actively exploited in attacks

Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits.

BleepingComputer