Severity
High
Analysis Summary
This week, SolarWinds released updates for several high-severity flaws in the SolarWinds Platform and in Serv-U, one of which was reported by a penetration tester working for NATO. The latest release of the SolarWinds Platform, 2024.2, is now available and fixes three new security flaws in the platform itself along with a set of vulnerabilities in bundled third-party components.
The first issue, tracked as CVE-2024-28996, is an injection flaw in SWQL, SolarWinds' proprietary, read-only variant of SQL that lets users query the SolarWinds database for network information; it was reported by the NATO Communications and Information Agency. Because SWQL is read-only, an injected query broadens what the attacker can read rather than letting them write to the database. SolarWinds also patched two flaws in the platform's web console: CVE-2024-28999, a race condition, and CVE-2024-29004, a stored cross-site scripting (XSS) flaw that requires user interaction and high privileges to exploit.
SolarWinds states that SolarWinds Platform 2024.1 SR 1 and earlier are affected and recommends upgrading to 2024.2 as soon as possible. The 2024.2 release also bundles fixes for eleven high- and medium-severity OpenSSL flaws, some disclosed as long as seven years ago, and one medium-severity Angular vulnerability; most of these can be used to cause a denial of service (DoS).
Separately, SolarWinds released a hotfix this week for CVE-2024-28995, a high-severity directory traversal vulnerability in Serv-U (CVSS 8.6) that could let attackers read sensitive files on the host system. Serv-U FTP Server, Serv-U Gateway and Serv-U MFT Server at version 15.4.2 Hotfix 1 and earlier are affected; Serv-U 15.4.2 Hotfix 2, available for both Windows and Linux, fixes the issue. At the time of the advisory, SolarWinds had not reported any of these vulnerabilities as exploited in the wild; users and administrators should nevertheless apply the available fixes as soon as possible.
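The SWQL injection above is the generic injection pattern: untrusted text spliced into query syntax. The following is an added example, not SolarWinds code and not the actual CVE-2024-28996 defect (whose location the advisory does not describe). It uses an in-memory sqlite3 table as a stand-in for the SWIS/SWQL backend, with a constructed node table, to show why a spliced-in value lets an attacker read rows they did not ask for and why binding the value as a parameter stops it.

```python
import sqlite3

# Constructed sample of what an Orion.Nodes-style table holds. sqlite3 stands in
# for the SWIS/SWQL backend; this example does not talk to a SolarWinds server.
SAMPLE_NODES = [
    (1, "core-rtr-01", "10.0.0.1"),
    (2, "edge-fw-01", "10.0.0.2"),
    (3, "db-srv-01", "10.0.0.3"),
]


def make_db():
    """Build the in-memory stand-in table from the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Orion_Nodes (NodeID INTEGER, Caption TEXT, IPAddress TEXT)"
    )
    conn.executemany("INSERT INTO Orion_Nodes VALUES (?, ?, ?)", SAMPLE_NODES)
    return conn


def lookup_unsafe(conn, caption):
    """Vulnerable pattern: the user-controlled caption is spliced into the query text,
    so quote characters in the input become part of the WHERE clause."""
    query = (
        "SELECT NodeID, Caption, IPAddress FROM Orion_Nodes "
        f"WHERE Caption = '{caption}'"
    )
    return conn.execute(query).fetchall()


def lookup_safe(conn, caption):
    """Hardened pattern: the value is bound as a parameter and is never parsed as
    query syntax. The SWIS equivalent is a named parameter (WHERE Caption = @caption)
    passed alongside the query rather than inside it."""
    query = "SELECT NodeID, Caption, IPAddress FROM Orion_Nodes WHERE Caption = ?"
    return conn.execute(query, (caption,)).fetchall()


def demo():
    """Run both lookups with a benign caption and a constructed injection payload."""
    conn = make_db()
    benign = "edge-fw-01"
    # Constructed payload: closes the string literal, then appends an always-true predicate.
    hostile = "' OR '1'='1"
    return {
        "unsafe_benign": lookup_unsafe(conn, benign),
        "unsafe_hostile": lookup_unsafe(conn, hostile),
        "safe_benign": lookup_safe(conn, benign),
        "safe_hostile": lookup_safe(conn, hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {len(rows)} row(s) -> {rows}")
```

The hostile input turns the unsafe query into `WHERE Caption = '' OR '1'='1'`, which returns every node; the parameterised query returns nothing because it looks for a caption literally equal to the payload. With the real SWIS client in orionsdk-python the same idea is `swis.query("... WHERE Caption = @c", c=value)`: the value travels as a named parameter, not as query text.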
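For the directory traversal class of bug affecting Serv-U, the defence is to resolve a client-supplied path under the server root and reject anything that escapes it. The function below is an added, generic example (not Serv-U code, and not the specific CVE-2024-28995 flaw, whose details the advisory does not give); the root directory and file names are constructed. It covers the escape tricks a reviewer would expect to see handled: `..` segments, backslash separators (Serv-U runs on Windows and Linux), percent-encoded and double-encoded dots, and absolute paths.

```python
import os
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested path would resolve outside the served root."""


def resolve_under_root(root, requested):
    """Map a client-supplied path to a filesystem path guaranteed to stay under root.

    Steps:
      1. percent-decode twice, so a double-encoded %252e does not survive one decode
         (match this to what your URL layer does; decoding more than it does is the
         safe direction for a containment check),
      2. treat backslashes as separators whatever the host OS,
      3. strip leading separators so the request cannot name an absolute path,
      4. join under the root, collapse '..' and symlinks with realpath,
      5. require the result to be the root itself or something strictly below it.
    """
    decoded = unquote(unquote(requested))
    normalised = decoded.replace("\\", "/")
    relative = normalised.lstrip("/")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, relative))
    # The os.sep suffix stops '/srv/ftp2' from passing as inside '/srv/ftp'.
    if candidate != root_real and not candidate.startswith(root_real + os.sep):
        raise TraversalError(f"path escapes root: {requested!r}")
    return candidate


def is_contained(root, requested):
    """Boolean form of resolve_under_root for use in tests and request filters."""
    try:
        resolve_under_root(root, requested)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    ROOT = "/srv/ftp"  # constructed root; need not exist for realpath to work
    for req in [
        "docs/readme.txt",
        "../../etc/passwd",
        "..\\..\\Windows\\win.ini",
        "%2e%2e/%2e%2e/etc/passwd",
        "%252e%252e/%252e%252e/etc/passwd",
        "docs/../../../etc/shadow",
        "/etc/passwd",
    ]:
        print(f"{req!r:40} contained={is_contained(ROOT, req)}")
```

Note that `/etc/passwd` is accepted: the leading slash is stripped and the request lands at `/srv/ftp/etc/passwd`, which is inside the root. That is the intended behaviour for a file server that treats every path as relative to the user's home; if the protocol layer should instead reject absolute paths outright, add that check before normalisation.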
Impact
- Denial of Service
- Cross-Site Scripting
- Data Manipulation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-28996
- CVE-2024-28999
- CVE-2024-29004
- CVE-2024-28995
Affected Vendors
- SolarWinds
Remediation
- Upgrade SolarWinds Platform to version 2024.2 and Serv-U (FTP Server, Gateway and MFT Server) to 15.4.2 Hotfix 2, both available from the SolarWinds website.
- Inventory every SolarWinds Platform and Serv-U installation, compare its version with the fixed releases above, and apply the patches or vendor-provided mitigations as soon as possible.
- Implement multi-factor authentication to add an extra layer of protection to login processes.
- Monitor network and application activity for unusual behaviour, such as unexpected queries against the SolarWinds web console or file requests containing traversal sequences, which may indicate an attack in progress.
- Keep software up to date and enforce strong access controls and monitoring across the environment.
- Develop a comprehensive incident response plan so that a breach or data leak can be handled effectively.
- Maintain regular, tested backups of critical data and systems so that they can be recovered after a security incident.
- Apply the principle of least privilege so that users and applications hold only the permissions they need.
- Establish a patch management process that evaluates, tests and applies security patches promptly.
- Conduct periodic security audits and assessments to evaluate the overall security posture of systems and networks.
- Segment the network to contain and isolate compromised systems and limit their impact on critical assets.
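The version-check item in the remediation list can be automated. Below is an added example (not a SolarWinds tool) that parses the product version strings used in this advisory (2024.1 SR 1, 15.4.2 Hotfix 1) and flags installs older than the fixed releases named above. The inventory is constructed sample data; the assumption is that version strings in this format are collected from your own asset inventory.

```python
import re

# Fixed releases named in the advisory, per product.
FIXED = {
    "SolarWinds Platform": "2024.2",
    "Serv-U": "15.4.2 Hotfix 2",
}

# Dotted numeric version, optionally followed by a service release (SR) or hotfix
# (HF / Hotfix) number, e.g. "2024.1 SR 1", "15.4.2 Hotfix 1", "15.4.2 HF2".
_VER_RE = re.compile(
    r"""
    ^\s*(?P<nums>\d+(?:\.\d+)*)
    (?:\s*(?:SR|HF|Hotfix)\s*(?P<sub>\d+))?
    \s*$
    """,
    re.IGNORECASE | re.VERBOSE,
)


def parse_version(text):
    """Return a comparable 4-tuple (major, minor, patch, sr_or_hotfix).

    Missing numeric components are padded with 0, so "2024.2" becomes
    (2024, 2, 0, 0) and sorts after "2024.1 SR 1" -> (2024, 1, 0, 1).
    """
    m = _VER_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(x) for x in m.group("nums").split(".")]
    nums += [0] * (3 - len(nums))
    sub = int(m.group("sub")) if m.group("sub") else 0
    return tuple(nums[:3]) + (sub,)


def is_vulnerable(product, installed):
    """True when the installed version predates the fixed release for that product."""
    return parse_version(installed) < parse_version(FIXED[product])


def assess(inventory):
    """inventory: iterable of (host, product, version).
    Returns (host, product, installed, required) for every install needing a patch."""
    findings = []
    for host, product, version in inventory:
        if is_vulnerable(product, version):
            findings.append((host, product, version, FIXED[product]))
    return findings


# Constructed inventory for demonstration; these are not real hosts.
SAMPLE_INVENTORY = [
    ("orion-01", "SolarWinds Platform", "2024.1 SR 1"),
    ("orion-02", "SolarWinds Platform", "2024.2"),
    ("servu-01", "Serv-U", "15.4.2 Hotfix 1"),
    ("servu-02", "Serv-U", "15.4.2 HF2"),
    ("servu-03", "Serv-U", "15.4.1"),
]


if __name__ == "__main__":
    for host, product, installed, required in assess(SAMPLE_INVENTORY):
        print(f"{host}: {product} {installed} is vulnerable, upgrade to {required}")
```

The comparison treats an SR or hotfix number as a fourth component below the patch level, which is what matters here: 2024.1 SR 1 is older than 2024.2, and 15.4.2 with Hotfix 1 is older than 15.4.2 with Hotfix 2. A Serv-U build with no hotfix suffix compares as hotfix 0 and is therefore also flagged.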