Detections
Analytics

CVE-2021-27104

critical

Description

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.

From the Tenable Blog

Accellion Patches Four Vulnerabilities in File Transfer Appliance (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104)
Accellion Patches Four Vulnerabilities in File Transfer Appliance (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104)

Published: 2021-02-19

Accellion recently released patches addressing four vulnerabilities in its File Transfer Appliance, a tool linked to a growing list of data breaches since December. Update February 22, 2021: The scoring and details of CVE-2021-27102 were updated to reflect the addition of further details to its NVD entry.

References

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://web.archive.org/web/20211025233339/https://twitter.com/pancak3lullz/status/1452679527197560837

https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a

https://www.bleepingcomputer.com/news/security/global-accellion-data-breaches-linked-to-clop-ransomware-gang/

https://www.tenable.com/blog/faq-for-moveit-transfer-vulnerabilities-cve-2023-34362-and-cl0p-ransomware-gang

https://www.tenable.com/blog/behind-the-scenes-how-we-picked-2021s-top-vulnerabilities-and-what-we-left-out

https://www.tenable.com/blog/accellion-patches-file-transfer-appliance-vulnerabilities-cve-2021-27101-cve-2021-27102-cve-2021-27103-cve-2021-27104

https://www.accellion.com/products/fta/

https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt

Details

Source: Mitre, NVD

Published: 2021-02-16

Updated: 2025-03-14

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.05469