Solarwinds has released updates to address a critical remote code execution (RCE) vulnerability in their “Serv-U Managed File Transfer” and “Serv-U Secure FTP” products.
This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.
System administrators are urged to immediately log in to their customer portal and install the “Serv-U version 15.2.3 hotfix (HF) 2” update.
Solarwinds Serv-U Security Advisory for Serv-U Remote Memory Escape Vulnerability
ZDNet: SolarWinds releases security advisory after Microsoft says customers ‘targeted’ through vulnerability