CVE-2021-35211
Published: 14 July 2021
Summary
CVE-2021-35211 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in SolarWinds Serv-U. Its CVSS base score is 9.0 (Critical).
Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2021-35211 is a remote code execution vulnerability in SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows in versions prior to 15.2.3 HF2. It stems from a Remote Memory Escape issue classified under CWE-787 (Out-of-bounds Write) that permits out-of-bounds memory access, allowing an attacker to execute arbitrary code on the affected host.
An unauthenticated remote attacker can exploit the flaw over the network to obtain privileged access to the Windows system running the Serv-U service. The CVSS 3.1 score of 9.0 reflects the combination of a network attack vector, high attack complexity, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability within a changed scope.
Microsoft and SolarWinds advisories recommend an immediate upgrade to version 15.2.3 HF2 or later. The vulnerability was used as a zero-day by a threat actor and is listed in CISA's Known Exploited Vulnerabilities catalog, confirming active in-the-wild exploitation prior to public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-21854
Vulnerability details
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
- CWE(s): CWE-787 (Out-of-bounds Write)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of the vendor patch (15.2.3 HF2) that eliminates the Remote Memory Escape flaw.
- SI-16 (Memory Protection): enforces memory-protection mechanisms that block the out-of-bounds writes (CWE-787) used for RCE.
- Restricts network exposure of the Serv-U service, reducing the attack surface for unauthenticated remote exploitation.