Vulnerability Note VU#505560
Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities
The Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The Accellion File Transfer appliance contains multiple vulnerabilities in versions below FTA_9_12_40.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2016-2350
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2016-2351
The Accellion File Transfer Appliance contains a SQL injection vulnerability due to improper escaping of the `client_id` parameter in `/home/seos/courier/security_key2.api`, allowing an attacker to inject arbitrary code via `client_id` and recover private data.
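To illustrate the CWE-89 pattern described above, here is an added example (not code from the advisory or from Accellion) contrasting a lookup that splices `client_id` into the SQL text with one that binds it as a parameter. The table name, columns and rows are constructed for this illustration and do not describe the appliance's real schema.

```python
import re
import sqlite3

# Constructed stand-in for a per-client security-key store (hypothetical schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE security_keys (client_id TEXT, secret TEXT)")
    conn.executemany("INSERT INTO security_keys VALUES (?, ?)",
                     [("alice", "key-A"), ("bob", "key-B")])
    return conn

def lookup_vulnerable(conn, client_id):
    # The CWE-89 defect: client_id becomes part of the SQL text, so a quote
    # character inside it changes the structure of the query rather than
    # being compared as data.
    sql = "SELECT secret FROM security_keys WHERE client_id = '%s'" % client_id
    return [row[0] for row in conn.execute(sql)]

def valid_client_id(client_id):
    # Defence in depth: accept only the character set an identifier needs.
    return re.fullmatch(r"[A-Za-z0-9_-]{1,64}", client_id) is not None

def lookup_hardened(conn, client_id):
    # Reject malformed identifiers up front, then bind the value as a
    # parameter so the database engine never parses it as SQL.
    if not valid_client_id(client_id):
        return []
    sql = "SELECT secret FROM security_keys WHERE client_id = ?"
    return [row[0] for row in conn.execute(sql, (client_id,))]

if __name__ == "__main__":
    db = make_db()
    for cid in ("alice", "x' OR '1'='1"):
        print(repr(cid), lookup_vulnerable(db, cid), lookup_hardened(db, cid))
```

With a well-formed identifier both versions return the same row; with a quote-bearing value only the vulnerable version's result set grows to every client's secret, which is the "recover private data" outcome the advisory describes.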
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') - CVE-2016-2352
The Accellion File Transfer Appliance is vulnerable to command injection due to unsafe handling of restricted users' use of YUM_CLIENT. This allows a restricted user to execute any command with root permissions.
CWE-276: Incorrect Default Permissions - CVE-2016-2353
The Accellion File Transfer Appliance is vulnerable to local privilege escalation due to a misconfiguration. By default, the appliance allows a restricted user to add their SSH key to an alternate user group with additional permissions.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system and view sensitive data.
Apply an update
Vendor Information
No information available. If you are a vendor and your product is affected, let us know.
CVSS Metrics
Thanks to Orange Tsai for reporting these vulnerabilities.
This document was written by Deana Shick.
- CVE IDs: CVE-2016-2350 CVE-2016-2351 CVE-2016-2352 CVE-2016-2353
- Date Public: 21 Apr 2016
- Date First Published: 29 Apr 2016
- Date Last Updated: 29 Apr 2016
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.