What is it?
SolarWinds Serv-U provides Managed File Transfer over HTTP. Versions 15.5.3 and earlier contain a programming error that gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges.
Why is it a risk?
Allowing users to create accounts with higher privileges than they were originally assigned is an obvious risk.
The vulnerability has a score of CRITICAL on non-Windows networks. On Windows networks it has a score of MEDIUM because services generally run under less privileged accounts.
How can you mitigate the risk?
SolarWinds released Serv-U 15.5.4, which is suitable for both Windows and Linux and contains fixes for this and three other vulnerabilities.
Admins are advised to update their Serv-U instances as soon as possible.
The SolarWinds 15.5.4 release notes contain a detailed explanation of the risks and provide a link for upgrading your installation.
Resources:
SolarWinds 15.5.4 release notes
https://documentation.solarwinds.com/en/success_center/servu/content/servu_installation_guide.htm

