How to find SolarWinds Serv-U systems on your network
Microsoft recently notified SolarWinds that they had discovered a remote code execution vulnerability in Serv-U Managed File Transfer and Serv-U Secure FTP. The vulnerability being exploited is CVE-2021-35211 and only exists when SSH is enabled in Serv-U environments.
SolarWinds has issued a hotfix and recommends customers log into their customer portals to access these updates. You will need to install these updates immediately.
With Rumble you can find Serv-U servers with SSH enabled in your inventory with this pre-built query. This query identifies SSH services that use the insecure Serv-U key or the Serv-U banner.
_asset.protocol:ssh AND protocol:"ssh" AND (banner:"SSH-2.0-Serv-U" OR ssh.hostKey.md5:"=e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99")
Rumble can help you find your SolarWinds Serv-U systems fast.
October 5, 2021
Finding Apache HTTP Server instances
Update: The 2.4.50 fix was incomplete and we strongly recommend upgrading to 2.4.51 or newer. The Apache Software Foundation recently announced a path traversal vulnerability present in version 2.4.49 of the Apache HTTP Server software. Due to insufficient coverage of …Read More
September 21, 2021
Finding Hikvision IP cameras and recorders on your network
Newly published security research from Watchful IP reveals an unauthenticated code execution vulnerability (assigned CVE-2021-36260) present in many Hikvision networked video devices. With a “critical” CVSS score of 9.8, this vulnerability affects a long list of Hikvision …Read More
September 17, 2021
Finding Azure Linux VMs running OMI services
Details on vulnerabilities present in some Azure Linux VMs, collectively referred to as “OMIGOD”, came to light this week via published research by the cloud security folks at Wiz.io. These vulnerabilities are found in the Open Management Infrastructure software that …Read More