CERT VU:505560

Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities

Published: Apr 29, 2016 (2016-04-29 00:00:00)
Source: www.kb.cert.org

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE;
Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: PARTIAL

CVSS3: 9.8 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED;
Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH

EPSS: 0.004 Low (Percentile: 72.8%)

Overview

The Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

The Accellion File Transfer Appliance contains multiple vulnerabilities in versions below FTA_9_12_40.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2016-2350
Affected versions of the Accellion File Transfer Appliance contain three cross-site scripting (XSS) vulnerabilities. An attacker can inject arbitrary HTML content (including script) within the following:

* move_partition_frame.html
* getimageajax.php
* wmInfo.html

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2016-2351
The Accellion File Transfer Appliance contains a SQL injection vulnerability due to improper escaping of the `client_id` parameter in `/home/seos/courier/security_key2.api`, allowing an attacker to inject arbitrary SQL via `client_id` and recover private data.

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') - CVE-2016-2352
The Accellion File Transfer Appliance is vulnerable to command injection due to unsafe handling of restricted users' use of YUM_CLIENT. This allows a restricted user to execute arbitrary commands with root privileges.

CWE-276: Incorrect Default Permissions - CVE-2016-2353
The Accellion File Transfer Appliance is vulnerable to local privilege escalation due to a misconfiguration. By default, the appliance allows a restricted user to add their SSH key to an alternate user group that has additional permissions.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system and view sensitive data.


Solution

Apply an update

Affected users should update to version FTA_9_12_40 as soon as possible.



CVSS Metrics

| Group         | Score | Vector                          |
|---------------|-------|---------------------------------|
| Base          | 7.5   | AV:N/AC:L/Au:N/C:P/I:P/A:P      |
| Temporal      | 5.9   | E:POC/RL:OF/RC:ND               |
| Environmental | 4.4   | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND   |

Acknowledgements

Thanks to Orange Tsai for reporting these vulnerabilities.

This document was written by Deana Shick.

Other Information

CVE IDs: CVE-2016-2350, CVE-2016-2351, CVE-2016-2352, CVE-2016-2353
Date Public: 2016-04-21 Date First Published:
