CVE-2021-35211 - Vulnerability Details - OpenCVE

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since Nov. 3, 2021.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Solarwinds	Serv-u

Configuration 1 [-]

OR	cpe:2.3:a:solarwinds:serv-u::::::::
	cpe:2.3:a:solarwinds:serv-u:15.2.3:-::::::
	cpe:2.3:a:solarwinds:serv-u:15.2.3:hotfix1::::::

No data.

References

Link	Providers
https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211

History

Wed, 05 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 04 Feb 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-11-03'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published: 2021-07-14T20:55:25.167Z

Updated: 2025-02-04T19:06:36.275Z

Reserved: 2021-06-22T00:00:00.000Z

Link: CVE-2021-35211

Vulnrichment

Updated: 2024-08-04T00:33:51.183Z

NVD

Status : Modified

Published: 2021-07-14T21:15:08.090

Modified: 2025-02-04T19:15:24.803

Link: CVE-2021-35211

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "Serv-U Managed File Transfer Server and Serv-U Secured FTP", "vendor": "SolarWinds", "versions": [{"lessThan": "15.2.3 HF1", "status": "affected", "version": "SolarWinds Serv-U", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "SolarWinds would like to thank the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams for reporting on the issue in a responsible manner."}], "datePublic": "2021-07-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Memory Escape Vulnerability in Solarwinds Serv-U", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-14T20:55:25.000Z", "orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211"}, {"tags": ["x_refsource_MISC"], "url": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit"}], "solutions": [{"lang": "en", "value": "SolarWinds has released a hotfix 15.2.3 HF2 It is suggested to upgrade to the latest hotfix as soon as possible"}], "source": {"defect": ["CVE-2021-35211"], "discovery": "EXTERNAL"}, "title": "Serv-U Remote Memory Escape Vulnerability", "workarounds": [{"lang": "en", "value": "SolarWinds advises to disconnect Serv-U Server from internet until patched."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@solarwinds.com", "DATE_PUBLIC": "2021-07-13T16:16:00.000Z", "ID": "CVE-2021-35211", "STATE": "PUBLIC", "TITLE": "Serv-U Remote Memory Escape Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Serv-U Managed File Transfer Server and Serv-U Secured FTP", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_name": "SolarWinds Serv-U", "version_value": "15.2.3 HF1"}]}}]}, "vendor_name": "SolarWinds"}]}}, "credit": [{"lang": "eng", "value": "SolarWinds would like to thank the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams for reporting on the issue in a responsible manner."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Memory Escape Vulnerability in Solarwinds Serv-U"}]}]}, "references": {"reference_data": [{"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211", "refsource": "MISC", "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211"}, {"name": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit", "refsource": "MISC", "url": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit"}]}, "solution": [{"lang": "en", "value": "SolarWinds has released a hotfix 15.2.3 HF2 It is suggested to upgrade to the latest hotfix as soon as possible"}], "source": {"defect": ["CVE-2021-35211"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "SolarWinds advises to disconnect Serv-U Server from internet until patched."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:33:51.183Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-04T19:06:30.616456Z", "id": "CVE-2021-35211", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-35211"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T19:06:36.275Z"}}]}, "cveMetadata": {"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2021-35211", "datePublished": "2021-07-14T20:55:25.167Z", "dateReserved": "2021-06-22T00:00:00.000Z", "dateUpdated": "2025-02-04T19:06:36.275Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:33:51.183Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-35211", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T19:06:30.616456Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-35211"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T19:06:04.170Z"}}], "cna": {"title": "Serv-U Remote Memory Escape Vulnerability", "source": {"defect": ["CVE-2021-35211"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "SolarWinds would like to thank the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams for reporting on the issue in a responsible manner."}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "SolarWinds", "product": "Serv-U Managed File Transfer Server and Serv-U Secured FTP", "versions": [{"status": "affected", "version": "SolarWinds Serv-U", "lessThan": "15.2.3 HF1", "versionType": "custom"}], "platforms": ["Windows"]}], "solutions": [{"lang": "en", "value": "SolarWinds has released a hotfix 15.2.3 HF2 It is suggested to upgrade to the latest hotfix as soon as possible"}], "datePublic": "2021-07-13T00:00:00.000Z", "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211", "tags": ["x_refsource_MISC"]}, {"url": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit", "tags": ["x_refsource_MISC"]}], "workarounds": [{"lang": "en", "value": "SolarWinds advises to disconnect Serv-U Server from internet until patched."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Memory Escape Vulnerability in Solarwinds Serv-U"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2021-07-14T20:55:25.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "SolarWinds would like to thank the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams for reporting on the issue in a responsible manner."}], "impact": {"cvss": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, "source": {"defect": ["CVE-2021-35211"], "discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"platform": "Windows", "version_name": "SolarWinds Serv-U", "version_value": "15.2.3 HF1", "version_affected": "<"}]}, "product_name": "Serv-U Managed File Transfer Server and Serv-U Secured FTP"}]}, "vendor_name": "SolarWinds"}]}}, "solution": [{"lang": "en", "value": "SolarWinds has released a hotfix 15.2.3 HF2 It is suggested to upgrade to the latest hotfix as soon as possible"}], "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211", "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211", "refsource": "MISC"}, {"url": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit", "name": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Memory Escape Vulnerability in Solarwinds Serv-U"}]}]}, "work_around": [{"lang": "en", "value": "SolarWinds advises to disconnect Serv-U Server from internet until patched."}], "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-35211", "STATE": "PUBLIC", "TITLE": "Serv-U Remote Memory Escape Vulnerability", "ASSIGNER": "psirt@solarwinds.com", "DATE_PUBLIC": "2021-07-13T16:16:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2021-35211", "state": "PUBLISHED", "dateUpdated": "2025-02-04T19:06:36.275Z", "dateReserved": "2021-06-22T00:00:00.000Z", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "datePublished": "2021-07-14T20:55:25.167Z", "assignerShortName": "SolarWinds"}, "dataVersion": "5.1"}

{"cisaActionDue": "2021-11-17", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "SolarWinds Serv-U Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*", "matchCriteriaId": "66A68531-7831-4875-B0AB-215C3E5A62B6", "versionEndExcluding": "15.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u:15.2.3:-:*:*:*:*:*:*", "matchCriteriaId": "9E8B32A1-90C1-4901-9B66-FA72E5787450", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u:15.2.3:hotfix1:*:*:*:*:*:*", "matchCriteriaId": "92569E9A-911C-4704-A962-047FF5E0E2CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability."}, {"lang": "es", "value": "Microsoft descubri\u00f3 una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota (RCE) en el producto SolarWinds Serv-U usando una Vulnerabilidad de Escape de Memoria Remota. Si es explotado, un actor de la amenaza puede ser capaz de obtener acceso privilegiado a la m\u00e1quina que aloja Serv-U solamente. SolarWinds Serv-U Managed File Transfer y Serv-U Secure FTP para Windows versiones anteriores a 15.2.3 HF2 est\u00e1n afectados por esta vulnerabilidad"}], "id": "CVE-2021-35211", "lastModified": "2025-02-04T19:15:24.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "psirt@solarwinds.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-14T21:15:08.090", "references": [{"source": "psirt@solarwinds.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit"}, {"source": "psirt@solarwinds.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}