Executive Summary

This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary

Title: Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities

Information
Name: VU#505560
Vendor: VU-CERT
First vendor publication: 2016-04-29
Last vendor modification: 2016-04-29
Severity (vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Environmental score: N/A
Impact subscore: N/A
Temporal score: N/A
Exploitability subscore: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS base score: 7.5
CVSS impact score: 6.4
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Vulnerability Note VU#505560

Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities

Original Release date: 29 Apr 2016 | Last revised: 29 Apr 2016

Overview

The Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

The Accellion File Transfer appliance contains multiple vulnerabilities in versions below FTA_9_12_40.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2016-2350
Affected versions of the Accellion File Transfer Appliance contain three cross-site scripting (XSS) vulnerabilities. An attacker can inject arbitrary HTML content (including script) via the following pages:

  • move_partition_frame.html
  • getimageajax.php
  • wmInfo.html

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2016-2351
The Accellion File Transfer Appliance contains a SQL injection vulnerability due to improper escaping of the parameter 'client_id' in /home/seos/courier/security_key2.api, allowing an attacker to inject arbitrary SQL through 'client_id' and recover private data.

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') - CVE-2016-2352
The Accellion File Transfer Appliance is vulnerable to command injection due to unsafe handling of restricted users utilizing the YUM_CLIENT. This allows a restricted user to execute any command with root permissions.

CWE-276: Incorrect Default Permissions - CVE-2016-2353
The Accellion File Transfer Appliance is vulnerable to local privilege escalation due to a misconfiguration. By default, the appliance allows a restricted user to add their SSH key to an alternate user group with additional permissions.
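As an added example that is not part of the CERT note or of Accellion's software: a small Python access-log scanner that flags requests to the three XSS pages and to the 'client_id' SQL injection point described above. It assumes a common/combined web-server log format and matches security_key2.api by file name only, because the note gives its filesystem location rather than its URL path; the log lines are constructed, not real traffic.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoints named in VU#505560. The .api file is matched by basename because the note
# gives its filesystem path (/home/seos/courier/...), not its URL path (assumption).
XSS_PAGES = {"move_partition_frame.html", "getimageajax.php", "wmInfo.html"}
SQLI_FILE = "security_key2.api"

# Common/combined log format; only the fields the checks need are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# Coarse, textbook indicators; tune against real traffic to limit false positives.
SQLI_HINT = re.compile(r"('|--|/\*|\bunion\b|\bselect\b|\bor\b\s+\S+\s*=)", re.I)
XSS_HINT = re.compile(r"(<\s*/?\s*script|javascript:|\bon\w+\s*=)", re.I)

def classify(line):
    """Return (ip, cve, detail) findings for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    name = url.path.rsplit("/", 1)[-1]
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    findings = []
    if name == SQLI_FILE:
        for value in params.get("client_id", []):
            if SQLI_HINT.search(value):
                findings.append((m["ip"], "CVE-2016-2351", f"client_id={value!r}"))
    if name in XSS_PAGES:
        for key, values in params.items():
            for value in values:
                if XSS_HINT.search(value):
                    findings.append((m["ip"], "CVE-2016-2350", f"{name} {key}={value!r}"))
    return findings

def scan(log_text):
    """Scan a whole log. Caveat: POST bodies never reach access logs, so this only
    sees probes carried in the query string."""
    return [hit for line in log_text.splitlines() for hit in classify(line)]

# Constructed sample lines (not real traffic), using RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Apr/2016:10:00:01 +0000] "GET /courier/security_key2.api?client_id=1'%20OR%201=1-- HTTP/1.1" 200 512
203.0.113.5 - - [21/Apr/2016:10:00:02 +0000] "GET /getimageajax.php?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 88
198.51.100.7 - - [21/Apr/2016:10:00:03 +0000] "GET /courier/security_key2.api?client_id=42 HTTP/1.1" 200 512
198.51.100.7 - - [21/Apr/2016:10:00:04 +0000] "GET /wmInfo.html HTTP/1.1" 200 1024
"""

if __name__ == "__main__":
    for ip, cve, detail in scan(SAMPLE_LOG):
        print(ip, cve, detail)
```

Matches are a triage signal, not proof of compromise; confirm the appliance version against FTA_9_12_40 before treating a hit as an incident.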

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system and view sensitive data.

Solution

Apply an update

Affected users should update to version FTA_9_12_40 as soon as possible.

Vendor Information

No information available. If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           7.5    AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal       5.9    E:POC/RL:OF/RC:ND
Environmental  4.4    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

• http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/
• http://cwe.mitre.org/data/definitions/276.html
• http://cwe.mitre.org/data/definitions/79.html
• https://cwe.mitre.org/data/definitions/77.html
• http://cwe.mitre.org/data/definitions/89.html

Credit

Thanks to Orange Tsai for reporting these vulnerabilities.

This document was written by Deana Shick.

Other Information

• CVE IDs: CVE-2016-2350, CVE-2016-2351, CVE-2016-2352, CVE-2016-2353
• Date Public: 21 Apr 2016
• Date First Published: 29 Apr 2016
• Date Last Updated: 29 Apr 2016
• Document Revision: 19

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/505560

CWE : Common Weakness Enumeration

%     Id       Name
50 %  CWE-264  Permissions, Privileges, and Access Controls
25 %  CWE-89   Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
25 %  CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type         Description  Count
Application               2

Alert History

Date                 Information
2016-05-10 21:38:16  Multiple Updates
2016-05-10 06:01:19  Multiple Updates
2016-05-07 21:35:35  Multiple Updates
2016-04-30 00:24:53  First insertion