SolarWinds has released an advisory addressing a vulnerability—CVE-2021-35211—affecting Serv-U Managed File Transfer and Serv-U Secure FTP. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Note: this vulnerability does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.
Microsoft has reported limited and targeted attacks using a 0-day exploit against this vulnerability.
CISA encourages users and administrators to review the SolarWinds advisory and install the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.