Accellion File Transfer Appliance < 9_12_416 Multiple Vulnerabilities
critical Nessus Plugin ID 154933
Language:
Synopsis
The remote device is affected by multiple vulnerabilities.Description
The version of the remote Accellion Secure File Transfer Appliance is prior to 9_12_416. It is, therefore, affected by multiple vulnerabilities:- SQL injection via a crafted Host header in a request to an endpoint. (CVE-2021-27101)
- OS command execution via a local web service call. (CVE-2021-27102)
- SSRF via a crafted POST request to an endpoint. (CVE-2021-27103)
- OS command execution via a crafted POST request to various admin endpoints. (CVE-2021-27104)
Also, Accellion File Transfer Appliance is no longer supported by the vendor.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain other security vulnerabilities.
Solution
Update to version 9_12_416 or later, or upgrade to a more secure platform, kiteworks that is currently supported.See Also
Plugin Details
Severity: Critical
ID: 154933
File Name: accellion_fta_9_12_380.nasl
Version: 1.5
Type: remote
Family: CGI abuses
Published: 11/5/2021
Updated: 1/20/2022
Configuration: Enable paranoid mode
Risk Information
CVSS Score Source: CVE-2021-27104
VPR
Risk Factor: Critical
Score: 9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:H/RL:OF/RC:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/h:accellion:secure_file_transfer_appliance
Required KB Items: installed_sw/Accellion Secure File Transfer Appliance, Settings/ParanoidReport
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/17/2020
Vulnerability Publication Date: 2/17/2020
CISA Known Exploited Dates: 11/17/2021
Reference Information
CVE: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104