CVE-2021-27102

Published Feb 16, 2021

Last updated 6 days ago

Accellion FTA

Overview

AI description

Automated description summarized from trusted sources.

CVE-2021-27102 is an OS command execution vulnerability that affects Accellion FTA version 9_12_411 and earlier. It can be exploited through a local web service call. The vulnerability arises because the software constructs an OS command using externally influenced input without properly neutralizing special elements that could modify the intended command. The fixed version of Accellion FTA is FTA_9_12_416 and later.

Description: Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.
Source: cve@mitre.org
NVD status: Modified
Products: fta

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Known exploits

Data from CISA

Vulnerability name: Accellion FTA OS Command Injection Vulnerability
Exploit added on: Nov 3, 2021
Exploit action due: Nov 17, 2021
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-78
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:accellion:fta:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7BD1EA0-8D9D-449C-9D0A-1641EC942F77",
            "versionEndIncluding": "9_12_411"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.