LDAP injection in Serv-U FTP Server

#VU59659 LDAP injection in Serv-U FTP Server

Published: 2022-01-17 | Updated: 2022-02-20

Vulnerability identifier: #VU59659

Vulnerability risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-35247

CWE-ID: CWE-90

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Serv-U FTP Server
Server applications / File servers (FTP/HTTP)

Vendor: SolarWinds

Description

The vulnerability allows a remote attacker to send unexpected characters to the LDAP server.

The vulnerability exists due to improper input validation when processing DLAP queries in Serv-U web login screen. A remote non-authenticated attacker can send a specially crafted request that can bypass implemented filtration and influence the initial LDAP query.

Note: No downstream affect has been detected as the LDAP servers ignored improper characters.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Serv-U FTP Server: 15.1 - 15.2.5

External links
http://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

LDAP injection in SolarWinds Serv-U