The Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The Accellion File Transfer Appliance contains multiple vulnerabilities in versions below FTA_9_12_40.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2016-2350
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2016-2351
The Accellion File Transfer Appliance contains a SQL injection vulnerability due to improper escaping of the parameter `client_id` in `/home/seos/courier/security_key2.api`, allowing an attacker to inject arbitrary code via `client_id` and recover private data.
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') - CVE-2016-2352
The Accellion File Transfer Appliance is vulnerable to command injection due to unsafe handling of restricted users utilizing the YUM_CLIENT. This allows a restricted user to execute any command with root permissions.
CWE-276: Incorrect Default Permissions - CVE-2016-2353
The Accellion File Transfer Appliance is vulnerable to local privilege escalation due to a misconfiguration. By default, the appliance allows a restricted user to add their SSH key to an alternate user group with additional permissions.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system and view sensitive data.
Apply an update. Versions below FTA_9_12_40 are affected, so update to FTA_9_12_40 or later.
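As an added example that is not part of this note or of Accellion's own tooling: a small Python triage helper that parses FTA version strings of the form `FTA_9_12_40` numerically and flags hosts running anything older. It parses components as integers because a plain string comparison misorders releases such as `FTA_9_9_1` against `FTA_9_12_40`. The hostnames and versions in the sample inventory are constructed.

```python
import re

# Versions strictly below this release are affected (from the advisory).
FIXED_VERSION = "FTA_9_12_40"

_VERSION_RE = re.compile(r"^FTA_(\d+)_(\d+)_(\d+)$")


def parse_fta_version(version: str) -> tuple:
    """Parse 'FTA_9_12_40' into the integer tuple (9, 12, 40).

    Raises ValueError on anything else so a malformed or unexpected
    banner is never silently treated as patched.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised FTA version string: {version!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is numerically below the fixed release."""
    return parse_fta_version(version) < parse_fta_version(fixed)


def triage(inventory: dict) -> dict:
    """Map host -> version string to host -> 'affected'/'patched'/'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "patched"
        except ValueError:
            result[host] = "unknown"  # needs manual follow-up, not a pass
    return result


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "fta-01.example.test": "FTA_9_12_40",   # fixed release itself
    "fta-02.example.test": "FTA_9_9_1",     # older, but sorts "higher" as a string
    "fta-03.example.test": "FTA_9_12_39",   # one build before the fix
    "fta-04.example.test": "FTA_10_0_1",    # newer major release
    "fta-05.example.test": "unknown-build", # unparseable banner
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```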
Thanks to Orange Tsai for reporting these vulnerabilities.
This document was written by Deana Shick.