Share this article on:
Threat actors are actively taking advantage of a directory traversal vulnerability, CVE-2024-28995, that could lead to hackers accessing “sensitive data”.
Cyber security firm Fortinet’s researchers have released an advisory warning of the active exploitation of a vulnerability in SolarWinds Serv-U file transfer software.
FortiGuard Labs made the warning in a Threat Signal Report posted overnight on 17 July.
“Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine,” FortiGuard Labs said in its report.
“Successful exploitation could allow access to read sensitive files on the host machine. CISA has added CVE-2024-28995 to its Known Exploited Vulnerabilities (KEV) catalogue on July 17, 2024 and a publicly available proof-of-concept (PoC) exploit code is available.”
FortiGuard Labs’ advice is to apply a patch or upgrade the installation.
SolarWinds disclosed CVE-2024-28995 on 6 June, alongside a hotfix for the vulnerability; however, within a week, researchers at Rapid7 predicted that hackers would eventually take advantage of the “trivially exploitable” bug.
“High-severity information disclosure issues like CVE-2024-28995 can be used in smash-and-grab attacks where adversaries gain access to and attempt to quickly exfiltrate data from file transfer solutions with the goal of extorting victims,” Rapid7 said at the time.
“File transfer products have been targeted by a wide range of adversaries over the past several years, including ransomware groups.”
At the time of writing, Rapid7 reported that there were between 5,000 and 10,000 exposed Serv-U installations, though not all those were vulnerable. FortiGuard Labs’ own telemetry suggests there are currently 165 exposed machines online.
SolarWinds said, at the time, that it was not aware of any active exploitation and was “communicating transparently with customers to ensure they are aware of the steps they should take to apply the patch and better protect their environments”.
Cyber Daily has reached out to SolarWinds for comment.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.