CVE-2021-35250 Scanner
Detects a 'Directory Traversal' vulnerability in SolarWinds Serv-U; affects version 15.3.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 2 days
Scan only one: Domain, IPv4
Toolbox: -
SolarWinds Serv-U is a versatile server software that provides file transfer and management capabilities across networks. It is commonly used by IT professionals to securely manage file transfers between systems internally and across the internet. The platform offers a wide range of features, including FTP, SFTP, and HTTP file transfer protocols, making it a preferred choice for enterprises looking to streamline their file handling processes efficiently.
The directory traversal vulnerability is triggered when an attacker crafts a request that includes ../ sequences to navigate the server's directory structure. By carefully forming such requests, an attacker can bypass the server's path restriction mechanisms to access or read files that should be restricted. This could include configuration files, source code, or even system files, depending on the server's setup and the attacker's ingenuity.
If exploited, this vulnerability can result in significant data breaches, leaking confidential or proprietary information. It may also serve as a vector for further attacks, such as the execution of malicious code if the attacker gains access to executable files or scripts. The breach of data integrity and confidentiality can have severe implications for businesses, including financial loss, reputational damage, and legal consequences.
By leveraging the security scanning capabilities of S4E, users can identify vulnerabilities like CVE-2021-35250 early in their digital infrastructure. Our platform not only detects such vulnerabilities but also provides detailed insights and recommendations for remediation. Membership with S4E empowers organizations with continuous monitoring and assessment tools, enhancing their cybersecurity posture against evolving threats.
References
- https://github.com/rissor41/SolarWinds-CVE-2021-35250
- https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-3-HotFix-1?language=en_US
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35250
- https://twitter.com/shaybt12/status/1646966578695622662?s=43&t=5HOgSFut7Y75N7CBHEikSg
- https://nvd.nist.gov/vuln/detail/CVE-2021-35250