How to find SolarWinds Serv-U systems on your network
Microsoft recently notified SolarWinds that they had discovered a remote code execution vulnerability in Serv-U Managed File Transfer and Serv-U Secure FTP. The vulnerability being exploited is CVE-2021-35211 and only exists when SSH is enabled in Serv-U environments.
SolarWinds has issued a hotfix and recommends customers log into their customer portals to access these updates. You will need to install these updates immediately.
Finding SolarWinds Serv-U systems with Rumble
With Rumble you can find Serv-U servers with SSH enabled in your inventory with this pre-built query. This query identifies SSH services that use the insecure Serv-U key or the Serv-U banner.
_asset.protocol:ssh AND protocol:"ssh" AND (banner:"SSH-2.0-Serv-U" OR ssh.hostKey.md5:"=e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99")
As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.
Get runZero for free
Don’t have runZero and need help finding SolarWinds Serv-U systems?
Get started
Similar Content
February 15, 2023
Finding OpenSSH servers
The OpenSSH team surfaced a security issue earlier this month that specifically affects OpenSSH server version 9.1p1 (a.k.a. version 9.1). This version contains a memory double-free vulnerability (tracked as CVE-2023-25136) that can be reached pre-authentication by a remote …
Read MoreFebruary 8, 2023
Finding VMware ESXi assets
This Rapid Response post covers ESXiArgs, a new strain of ransomware that is targeting VMware ESXi servers. Learn how you can find potentially affected servers on your network.
February 3, 2023
Finding Lexmark printer assets
Printer manufacturer Lexmark recently published details on a vulnerability that affects over 100 of their printer models. Learn how runZero can help you find potentially affected assets.