How to find SolarWinds Serv-U systems on your network

|
Updated

Latest SolarWinds vulnerability #

Microsoft recently notified SolarWinds that they had discovered a remote code execution vulnerability in Serv-U Managed File Transfer and Serv-U Secure FTP. The vulnerability being exploited is CVE-2021-35211 and only exists when SSH is enabled in Serv-U environments.

SolarWinds has issued a hotfix and recommends customers log into their customer portals to access these updates. You will need to install these updates immediately.

Finding SolarWinds Serv-U systems with runZero #

With runZero you can find Serv-U servers with SSH enabled in your inventory with this pre-built query. This query identifies SSH services that use the insecure Serv-U key or the Serv-U banner.

_asset.protocol:ssh AND protocol:"ssh" AND (banner:"SSH-2.0-Serv-U" OR ssh.hostKey.md5:"=e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99")

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.

Written by runZero Team

Great research and development is a team effort! Multiple runZero team members collaborated on this post. Go team!

More about runZero Team
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.

Discover the new era of exposure management!