
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-28995 is a high-severity directory traversal vulnerability in the SolarWinds Serv-U file transfer server (both the Serv-U FTP and Serv-U MFT editions). It was discovered by Hussein Daher and disclosed by SolarWinds on June 5, 2024, and affects Serv-U 15.4.2 HF 1 and earlier versions (SolarWinds Advisory, Rapid7).
The flaw lets an unauthenticated attacker read any file on the server's disk, including binary files, provided the attacker knows the path and the file is not locked by another process. It has been assigned a CVSS v3.1 base score of 8.6 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. Estimates of internet-exposed Serv-U instances range from 5,434 to 9,470 (Rapid7).
Successful exploitation lets an attacker read sensitive files on the host. Information disclosure of this kind lends itself to smash-and-grab attacks, in which adversaries gain access to a file transfer solution, exfiltrate data as quickly as possible, and then extort the victim (Rapid7).
SolarWinds has released a fix in version 15.4.2 HF 2. Organizations are strongly advised to apply the vendor hotfix immediately rather than waiting for a regular patch cycle. CISA has set a due date of August 7, 2024, for federal agencies to apply the mitigations (NVD, Rapid7).
Security researchers have been actively monitoring exploit attempts through honeypots, revealing patterns in attacker behavior and the specific files being targeted. The vulnerability has garnered significant attention from the security community due to its trivial exploitability and potential impact (GreyNoise).
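Honeypot monitoring of this kind comes down to spotting traversal sequences in request logs and tallying the files they reach for. The following Python is an added example written for this page, not code from Wiz, SolarWinds, Rapid7 or GreyNoise: the log format, the `dir` query parameter and the sample lines are constructed for illustration and do not reproduce the actual Serv-U request shape. It percent-decodes repeatedly (so double encoding does not hide `..`), folds backslashes to forward slashes, and treats `..` only as a whole path segment, so a file name such as `report..pdf` is not flagged.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines for this example (client, method, request target, status).
# They are not real honeypot captures, and the "dir" query parameter is an assumed name,
# not the parameter used against Serv-U.
SAMPLE_LOG = """\
198.51.100.7 GET /index.html 200
198.51.100.7 GET /?dir=/../../../../etc/passwd 200
203.0.113.9 GET /?dir=%2F..%5C..%5C..%5CWindows%5Cwin.ini 200
203.0.113.9 GET /?dir=%252e%252e%252f%252e%252e%252fetc%252fshadow 403
192.0.2.5 GET /files/report..pdf 200
"""

# A traversal segment is a bare ".." bounded on both sides by a path separator,
# a query delimiter, or the start/end of the string. ".." inside a file name
# (report..pdf) is not a traversal and must not match.
TRAVERSAL = re.compile(r"(^|[/=?&])\.\.([/?&]|$)")


def normalise(target: str, rounds: int = 3) -> str:
    """Percent-decode until stable (defeats double encoding), then fold '\\' to '/'."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")


def is_traversal(target: str) -> bool:
    """True if the decoded request target contains a '..' path segment."""
    return TRAVERSAL.search(normalise(target)) is not None


def targeted_file(target: str) -> str:
    """Last path component of the decoded target, e.g. 'passwd' for .../etc/passwd."""
    return re.split(r"[/&]", normalise(target))[-1]


def scan(log_text: str):
    """Return the flagged log lines and a tally of the file names they reached for."""
    flagged, files = [], Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the scan
        _client, _method, target, _status = parts[:4]
        if is_traversal(target):
            flagged.append(line)
            files[targeted_file(target)] += 1
    return flagged, files


if __name__ == "__main__":
    hits, tally = scan(SAMPLE_LOG)
    for hit in hits:
        print("TRAVERSAL:", hit)
    print("targeted files:", dict(tally))
```

Run against real logs, the tally is what tells you whether attackers are after credential stores, configuration, or application binaries; the decode-until-stable loop is what keeps `%252e%252e` from slipping past a naive `..` string match.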
Source: This report was generated using AI