CVE-2021-35211

CRITICAL KEV RANSOMWARE NUCLEI

SolarWinds Serv-U <15.2.3 HF2 - RCE

Description

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.

Exploits (4)

nomisec WORKING POC 12 stars
by NattiSamson · remote
https://github.com/NattiSamson/Serv-U-CVE-2021-35211

nomisec WRITEUP 1 star
by 0xhaggis · remote
https://github.com/0xhaggis/CVE-2021-35211

vulncheck_xdb WORKING POC
remote
https://github.com/BishopFox/CVE-2021-35211

inthewild WORKING POC
poc
https://github.com/bishopfox/cve-2021-35211

Nuclei Templates (1)

SolarWinds Serv-U FTP - Remote Code Execution
CRITICAL VERIFIED by pussycat0x
Shodan: SSH-2.0-Serv-U

Scores

CVSS v3 9.0
EPSS 0.9432
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-07-13
InTheWild.io 2021-07-13
ENISA EUVD EUVD-2021-21854
Ransomware Use Confirmed
CWE CWE-787
Status published
Products (2)
solarwinds/serv-u 15.2.3 (2 CPE variants)
solarwinds/serv-u < 15.2.3
Published Jul 14, 2021
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026