Threat Bulletin

Alert essentials:
A directory traversal is being actively exploited in SolarWinds Serv-U. A successful hacker can read files from the underlying operating system.

Upgrade the Serv-U version with the available hotfix.

Email Team

Detailed threat description:
A high-severity directory traversal vulnerability in SolarWinds Serv-U is being exploited in the wild. The vulnerability arises from inadequate validation of path traversal segments that permit attackers to bypass security checks. The exploit can be executed via a simple GET request to the root directory.

Fueled by a proof-of-concept publication in mid-June, this exploit could compromise the system or lateral movement within the network. Information disclosures are often used in ‘smash-and-grab’ attacks that allow threat actors to access and quickly exfiltrate data to extort victims.

Prevent hackers from using this flaw against environments by immediately upgrading SolarWinds Serv-U to version 15.4.2 HF2!

Impacts on healthcare organizations:
Threats to healthcare systems continue to threaten the availability of patient data, which is one of the most vital needs in the health and medical industry. Internal threats arise from inappropriate access to sensitive data, while external threats arise from external exploitation of vulnerable healthcare information systems. Ensure adequate system protection by correctly installing and configuring equipment and securing the networks that connect the tools.

Engineering recommendations:

References: