SolarWinds has released an advisory addressing a vulnerability—CVE-2021-35211—affecting Serv-U Managed File Transfer and Serv-U Secure FTP. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Note: this vulnerability does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.
Microsoft has reported limited and targeted attacks using a 0-day exploit against this vulnerability.
CISA encourages users and administrators to review the SolarWinds advisory and install the necessary updates.
