vulnerability

SolarWinds Serv-U: CVE-2021-35211: Serv-U Remote Memory Escape Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Jul 9, 2021	Jul 16, 2021	May 3, 2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Jul 9, 2021

Added

Jul 16, 2021

Modified

May 3, 2022

Description

The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system.

Solution

solarwinds-serv-u-upgrade

References

CVE-2021-35211
https://attackerkb.com/topics/CVE-2021-35211
https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report