admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-05 18:23:57 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7565dc419b5b472bfebdf330c9873241a60bef2e
nuclei-templates/javascript/cves/2021/CVE-2021-35211
Dhiyaneshwaran febd286907 Revise CVE-2021-35211 details and tags 
Updated the description and impact of the CVE-2021-35211 entry for clarity. Added remediation steps and modified tags.
2025-10-27 13:11:19 +05:30

61 lines
2.1 KiB
Plaintext
Raw Blame History

id: CVE-2021-35211
info:
name: SolarWinds Serv-U FTP - Remote Code Execution
author: pussycat0x
severity: critical
description: |
SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 contain a remote memory escape caused remote code execution vulnerability, letting attackers gain privileged access, exploit requires remote attacker to send crafted memory operations.
impact: |
Attackers can execute arbitrary code with high privileges on the affected system, potentially leading to full system compromise.
remediation: |
Update to version 15.2.3 HF2 or later.
reference:
- https://github.com/BishopFox/CVE-2021-35211
- https://www.rapid7.com/db/vulnerabilities/solarwinds-serv-u-cve-2021-35211/
- https://www.microsoft.com/en-us/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/
metadata:
verified: true
max-request: 1
shodan-query: "SSH-2.0-Serv-U"
tags: js,enum,ssh,misconfig,network,kev,vkev,passive
javascript:
- pre-condition: |
isPortOpen(Host,Port);
code: |
let m = require("nuclei/ssh");
let c = m.SSHClient();
let response = c.ConnectSSHInfoMode(Host, Port);
// Convert response to string if it's an object
let responseStr = typeof response === 'string' ? response : JSON.stringify(response);
let jsonStart = responseStr.indexOf('{');
let jsonEnd = responseStr.lastIndexOf('}') + 1;
let jsonString = responseStr.substring(jsonStart, jsonEnd);
let result = JSON.parse(jsonString);
Export(result.ServerID.Raw);
args:
Host: "{{Host}}"
Port: "22"
matchers:
- type: dsl
dsl:
- "success == true"
- "contains(response, 'SSH-2.0-Serv-U')"
- "compare_versions(version, ' < 15.2.3.742')"
condition: and
extractors:
- type: regex
name: version
part: response
group: 1
regex:
- 'SSH-2.0-Serv-U_(\d+\.\d+\.\d+)(?:\.(\d+))?'
Reference in New Issue View Git Blame Copy Permalink