kerongulf.blogg.se

Accellion file transfer appliance








Accellion recently released patches addressing four vulnerabilities in its File Transfer Appliance, a tool linked to a growing list of data breaches since December.

Update February 22, 2021: The scoring and details of CVE-2021-27102 were updated to reflect the addition of further details to its NVD entry.

On January 12, Accellion, a private cloud solutions company, published a statement regarding a security incident involving one of its customers. The statement revealed the presence of a “P0 (priority zero) vulnerability” in its File Transfer Appliance (FTA), a cloud or on-premises based solution for organizations to “transfer large and sensitive files.” The vulnerability was patched "within 72 hours" and affected "less than 50 customers," according to the Accellion statement.

Throughout January, multiple companies came forward acknowledging data breaches linked to Accellion’s FTA. In a subsequent statement on February 2, Accellion noted that in the weeks since the first P0 vulnerability was disclosed, it had identified “additional exploits” in FTA and had patched each of those vulnerabilities. The February 2 statement did not share any specific details about these flaws or the versions of FTA that may be impacted.

At the time this blog post was published, at least 11 organizations had publicly confirmed being victims of data breaches associated with FTA.

On February 16, Accellion published the first descriptions for four vulnerabilities in FTA on its GitHub page.

Analysis

At the time this blog post was published, three of the four vulnerabilities received a CVSSv3 score of 9.8, while the fourth was assigned a score of 7.8.

CVE-2021-27101 is a SQL injection vulnerability. An unauthenticated, remote attacker could exploit the flaw by sending a specially crafted request as part of the Host header to the document_root file on a vulnerable FTA endpoint.

CVE-2021-27103 is a Server-Side Request Forgery (SSRF) vulnerability. An unauthenticated, remote attacker could exploit the flaw by sending a specially crafted POST request to the wmProgressstat file on a vulnerable FTA endpoint.

CVE-2021-27104 is an OS command injection vulnerability. An unauthenticated, remote attacker could exploit the flaw by sending a specially crafted POST request to an FTA administrative endpoint.

CVE-2021-27102 is another OS command injection vulnerability. An attacker with local access and low privileges could exploit this vulnerability.

While details for these vulnerabilities are quite limited, we intend to update this blog as more detailed information becomes available.

Successful exploitation of these flaws may allow attackers to view and exfiltrate files from vulnerable FTA instances.

*Please note Tenable VPR scores are calculated nightly. This blog post was published on February 19 and reflects VPR at that time.

Unconfirmed connection to recently detailed web shell on FTA instance








