Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities
Original Release date: 29 Apr 2016 | Last revised: 29 Apr 2016

Overview
The Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description
The Accellion File Transfer Appliance contains multiple vulnerabilities in versions below FTA_9_12_40.
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) – CVE-2016-2350
The Accellion File Transfer Appliance versions below FTA_9_12_40 contain three cross-site scripting (XSS) vulnerabilities.

An attacker can inject arbitrary HTML content (including script) via the following pages:
move_partition_frame.html
getimageajax.php
wmInfo.html

CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) – CVE-2016-2351
The Accellion File Transfer Appliance contains a SQL injection vulnerability due to improper escaping of the parameter ‘client_id’ in /home/seos/courier/security_key2.api, allowing an attacker to inject arbitrary code via ‘client_id’ and recover private data.

CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’) – CVE-2016-2352
The Accellion File Transfer Appliance is vulnerable to command injection due to unsafe handling of restricted users' use of the YUM_CLIENT.

This allows a restricted user to execute arbitrary commands with root privileges.
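The SQL injection in CVE-2016-2351 above comes from splicing the ‘client_id’ parameter into query text. The following added example is not Accellion's code: it contrasts that flaw class with an allow-listed, parameterized lookup over a constructed in-memory table (the table name, columns and sample values are assumptions).

```python
import re
import sqlite3


def make_db():
    # Constructed stand-in for a key store; not the appliance's real schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE security_keys (client_id TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO security_keys VALUES (?, ?)",
        [("client-a", "key-aaaa"), ("client-b", "key-bbbb")],
    )
    return db


def lookup_vulnerable(db, client_id):
    # Flaw class from the note: the parameter is spliced into the SQL text,
    # so quote characters in the value change the query's meaning.
    sql = f"SELECT secret FROM security_keys WHERE client_id = '{client_id}'"
    return [row[0] for row in db.execute(sql)]


# Allow-list for the identifier: letters, digits, '-' and '_', bounded length.
CLIENT_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def lookup_hardened(db, client_id):
    # Reject anything outside the expected format, then bind the value as a
    # query parameter so the database never interprets it as SQL.
    if not CLIENT_ID_RE.match(client_id):
        raise ValueError("invalid client_id")
    sql = "SELECT secret FROM security_keys WHERE client_id = ?"
    return [row[0] for row in db.execute(sql, (client_id,))]


def demo():
    # Shows the difference on a classic tautology value: the vulnerable
    # lookup returns every secret, the hardened one refuses the input.
    db = make_db()
    crafted = "x' OR '1'='1"
    leaked = lookup_vulnerable(db, crafted)
    try:
        lookup_hardened(db, crafted)
        outcome = "accepted"
    except ValueError:
        outcome = "rejected"
    return leaked, outcome


if __name__ == "__main__":
    print(demo())
```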

CWE-276: Incorrect Default Permissions – CVE-2016-2353
The Accellion File Transfer Appliance is vulnerable to local privilege escalation due to a misconfiguration.

By default, the appliance allows a restricted user to add their SSH key to an alternate user group with additional permissions.
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system and view sensitive data.
Solution
Apply an update
Affected users should update to version FTA_9_12_40 as soon as possible.
Vendor Information

No information available.

CVSS Metrics

Group          Score  Vector
Base           7.5    AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal       5.9    E:POC/RL:OF/RC:ND
Environmental  4.4    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Credit

Thanks to Orange Tsai for reporting these vulnerabilities.
This document was written by Deana Shick.
