CVE-2021-35250 – CVE-2021-35250 is a directory traversal vulnera... (How to Fix)

Q: What is the severity of CVE-2021-35250?

CVE-2021-35250 has a CVSS score of 7.5 (HIGH). CVE-2021-35250 is a directory traversal vulnerability in SolarWinds Serv-U FTP server that allows attackers to access files outside the intended directory structure. This affects Serv-U 15.3 installations, potentially exposing sensitive server files and configuration data. Organizations running vulnerable versions of Serv-U are at risk.

📋 TL;DR

CVE-2021-35250 is a directory traversal vulnerability in SolarWinds Serv-U FTP server that allows attackers to access files outside the intended directory structure. This affects Serv-U 15.3 installations, potentially exposing sensitive server files and configuration data. Organizations running vulnerable versions of Serv-U are at risk.

💻 Affected Systems

Products:

SolarWinds Serv-U

Versions: Serv-U 15.3 (specifically version 15.3.0)

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only Serv-U 15.3 is affected. Earlier versions and later versions with Hotfix 1 applied are not vulnerable.

📦 What is this software?

Serv U by Solarwinds

View all CVEs affecting Serv U →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access sensitive system files, configuration files, or authentication data, potentially leading to complete server compromise and lateral movement within the network.

🟠

Likely Case

Unauthorized access to server configuration files, logs, and potentially sensitive data stored in accessible directories, enabling further reconnaissance or data exfiltration.

🟢

If Mitigated

Limited access to non-critical files with proper access controls and monitoring in place, though the vulnerability still presents an initial foothold risk.

🌐 Internet-Facing: HIGH - Serv-U servers exposed to the internet are directly vulnerable to exploitation attempts from external attackers.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability to access sensitive server files.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Directory traversal vulnerabilities typically have low exploitation complexity, though specific exploit details for this CVE haven't been publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Serv-U 15.3 Hotfix 1

Vendor Advisory: https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35250

Restart Required: Yes

Instructions:

1. Download Serv-U 15.3 Hotfix 1 from SolarWinds Customer Portal. 2. Stop Serv-U service. 3. Apply the hotfix. 4. Restart Serv-U service. 5. Verify version shows 15.3 Hotfix 1.

🔧 Temporary Workarounds

Restrict Access Controls

all

Implement strict access controls and file permissions to limit what directories Serv-U can access

Network Segmentation

all

Isolate Serv-U servers from sensitive network segments and restrict inbound access

🧯 If You Can't Patch

Implement strict network access controls to limit who can connect to Serv-U servers
Enable detailed logging and monitoring for unusual file access patterns

🔍 How to Verify

Check if Vulnerable:

Check Serv-U version in administration console or via 'serv-u --version' command. If version is exactly 15.3.0, the system is vulnerable.

Check Version:

serv-u --version (Linux) or check Serv-U Administration Console (Windows)

Verify Fix Applied:

Verify version shows '15.3 Hotfix 1' in administration console or via version command. Test directory traversal attempts should be blocked.

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns in Serv-U logs
Multiple failed directory traversal attempts
Access to files outside normal FTP directory structure

Network Indicators:

Unusual patterns of file requests containing '../' sequences
Multiple failed file access attempts from single source

SIEM Query:

source="serv-u" AND ("../" OR "..\" OR "directory traversal")

📊 Metadata

CVE ID: CVE-2021-35250

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

Published: April 25, 2022

Last Updated: November 21, 2024

🔗 References

https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-3-HotFix-1?language=en_US Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35250 Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-3-HotFix-1?language=en_US Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35250 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-35250, you might also want to check these: