DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv
| Our reference | DIVD-2024-00028 |
| Case lead | Stan Plasmeijer |
| Author | Max van der Horst |
| Researcher(s) | |
| CVE(s) | |
| Products |
|
| Versions |
|
| Recommendation | Install the provided hotfix 2 as soon as possible to patch the vulnerability. |
| Patch status | Available |
| Workaround | None |
| Status | Closed |
| Last modified | 17 Oct 2024 10:44 CEST |
Summary
SolarWinds U-Serv was vulnerable to a Local File Inclusion vulnerability caused by a Path Traversal vulnerability that allows an attacker to read sensitive information from the host server. Leaking this information could lead to an attacker compromising the server.
Recommendations
SolarWinds released a hotfix for version 15.4.2. Install this hotfix as soon as possible, the corresponding version number is 15.4.2 HF2 (15.4.2.157).
What we are doing
DIVD is currently working to identify parties that are running a vulnerable version of SolarWinds U-Serv and to notify these parties. We do this by looking at the version numbers if possible and otherwise verifying the presence of the vulnerability in a harmless manner.
Timeline
| Date | Description |
|---|---|
| 21 Jun 2024 | DIVD starts researching the vulnerability. |
| 21 Jun 2024 | DIVD finds fingerprint, preparing to scan. |
| 22 Jun 2024 | DIVD starts scanning the internet for vulnerable instances. |
| 22 Jun 2024 | DIVD starts notifying network owners with a vulnerable instance in their network. |
| 12 Jul 2024 | DIVD rescans the internet for vulnerable instances |
| 12 Jul 2024 | DIVD starts notifying network owners with a vulnerable instance for the second time |
| 17 Oct 2024 | DIVD rescans the internet for vulnerable instances |
| 17 Oct 2024 | DIVD starts notifying network owners with a vulnerable instance for the third time |
| 17 Oct 2024 | Case closed |
gantt
title DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv (118 days) :2024-06-21, 2024-10-17
section Events
DIVD starts researching the vulnerability. : milestone, 2024-06-21, 0d
DIVD finds fingerprint, preparing to scan. : milestone, 2024-06-21, 0d
DIVD starts scanning the internet for vulnerable instances. : milestone, 2024-06-22, 0d
DIVD starts notifying network owners with a vulnerable instance in their network. : milestone, 2024-06-22, 0d
DIVD rescans the internet for vulnerable instances : milestone, 2024-07-12, 0d
DIVD starts notifying network owners with a vulnerable instance for the second time : milestone, 2024-07-12, 0d
DIVD rescans the internet for vulnerable instances : milestone, 2024-10-17, 0d
DIVD starts notifying network owners with a vulnerable instance for the third time : milestone, 2024-10-17, 0d
Case closed : milestone, 2024-10-17, 0d