How to find SolarWinds Serv-U systems on your network

July 15, 2021, by Thao Doan

Microsoft recently notified SolarWinds that they had discovered a remote code execution vulnerability in Serv-U Managed File Transfer and Serv-U Secure FTP. The vulnerability being exploited is CVE-2021-35211 and only exists when SSH is enabled in Serv-U environments.

SolarWinds has issued a hotfix and recommends customers log into their customer portals to access these updates. You will need to install these updates immediately.

Finding SolarWinds Serv-U systems with Rumble

In Rumble, this pre-built query finds the Serv-U servers in your inventory that have SSH enabled. It identifies SSH services that present either the insecure Serv-U host key or the Serv-U banner.

_asset.protocol:ssh AND protocol:"ssh" AND (banner:"SSH-2.0-Serv-U" OR ssh.hostKey.md5:"=e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99")

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.
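The two conditions in the query can also be checked against SSH scan data collected outside Rumble. The following is an added example, not code from the original post or from Rumble. It assumes input in the style of ssh-keyscan output, with "# host:port banner" lines and "host keytype base64-key" lines; the function names, sample addresses and key blobs are constructed for illustration.

```python
import base64
import hashlib

# Both indicators are taken from the Rumble query above.
SERVU_BANNER = "SSH-2.0-Serv-U"
SERVU_KEY_MD5 = "e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99"

def md5_fingerprint(key_b64):
    """Colon-separated MD5 of the decoded public key blob."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def find_servu(scan_text, key_md5=SERVU_KEY_MD5):
    """Return {host: [reasons]} for hosts matching the banner or the host key."""
    hits = {}
    for line in scan_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        if parts[0] == "#":
            # Banner line (assumed format): "# host:port banner"
            host = parts[1].rsplit(":", 1)[0]
            if parts[2].startswith(SERVU_BANNER):
                hits.setdefault(host, []).append("banner")
        elif md5_fingerprint(parts[2]) == key_md5:
            # Key line (assumed format): "host keytype base64-blob"
            hits.setdefault(parts[0], []).append("hostkey")
    return hits

def _blob(raw):
    return base64.b64encode(raw).decode()

# Constructed sample: documentation addresses, placeholder key blobs,
# and a made-up Serv-U version suffix.
SAMPLE_SCAN = "\n".join([
    "# 192.0.2.10:22 SSH-2.0-Serv-U_0.0.0",
    "192.0.2.10 ssh-rsa " + _blob(b"constructed key A"),
    "# 192.0.2.11:22 SSH-2.0-OpenSSH_8.4",
    "192.0.2.11 ssh-ed25519 " + _blob(b"constructed key B"),
    "# 192.0.2.12:22 SSH-2.0-CustomBanner",
    "192.0.2.12 ssh-rsa " + _blob(b"constructed key C"),
])

if __name__ == "__main__":
    for host, reasons in find_servu(SAMPLE_SCAN).items():
        print(host, ",".join(reasons))
```

The host key check matters for servers whose banner has been changed, which is why the query joins the two conditions with OR.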
