Skip to the content.

DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv

Our reference DIVD-2024-00028
Case lead Stan Plasmeijer
Author Max van der Horst
Researcher(s)
CVE(s)
Products
  • SolarWinds U-Serv
Versions
  • Everything lower than 15.4.2 HF2 (15.4.2.157)
Recommendation Install the provided hotfix 2 as soon as possible to patch the vulnerability.
Patch status Available
Workaround None
Status Open
Last modified 12 Jul 2024 16:02

Summary

SolarWinds U-Serv was vulnerable to a Local File Inclusion vulnerability caused by a Path Traversal vulnerability that allows an attacker to read sensitive information from the host server. Leaking this information could lead to an attacker compromising the server.

Recommendations

SolarWinds released a hotfix for version 15.4.2. Install this hotfix as soon as possible, the corresponding version number is 15.4.2 HF2 (15.4.2.157).

What we are doing

DIVD is currently working to identify parties that are running a vulnerable version of SolarWinds U-Serv and to notify these parties. We do this by looking at the version numbers if possible and otherwise verifying the presence of the vulnerability in a harmless manner.

Timeline

Date Description
21 Jun 2024 DIVD starts researching the vulnerability.
21 Jun 2024 DIVD finds fingerprint, preparing to scan.
22 Jun 2024 DIVD starts scanning the internet for vulnerable instances.
22 Jun 2024 DIVD starts notifying network owners with a vulnerable instance in their network.
12 Jul 2024 DIVD rescans the internet for vulnerable instances
12 Jul 2024 DIVD starts notifying network owners with a vulnerable instance for the second time
gantt title DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv (still open) :2024-06-21, 2024-07-20 section Events DIVD starts researching the vulnerability. : milestone, 2024-06-21, 0d DIVD finds fingerprint, preparing to scan. : milestone, 2024-06-21, 0d DIVD starts scanning the internet for vulnerable instances. : milestone, 2024-06-22, 0d DIVD starts notifying network owners with a vulnerable instance in their network. : milestone, 2024-06-22, 0d DIVD rescans the internet for vulnerable instances : milestone, 2024-07-12, 0d DIVD starts notifying network owners with a vulnerable instance for the second time : milestone, 2024-07-12, 0d

More information