{"vuid":"VU#505560","idnumber":"505560","name":"Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities","keywords":["XXS","SQLi","Local Privledge Escelation","Remote Code Execution"],"overview":"The Accellion File Transfer Appliance (FTA)  contains multiple vulnerabilites that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"The Accellion File Transfer appliance contains multiple vulnerabilities in versions below FTA_9_12_40. CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2016-2350\nThe Accellion File Transfer Appliance versions below contains three cross-site scripting (XSS) vulnerabilities. An attacker can inject arbitrary HTML content (including script) within the following: move_partition_frame.html\ngetimageajax.php\nwmInfo.html CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2016-2351\nThe Accellion File Transfer Appliance contains a SQL injection vulnerability due to improper escaping of the parameter ‘client_id’ in `/home/seos/courier/security_key2.api, allowing an attacker to inject arbitrary code in ‘client_id,” and recover private data. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')- CVE-2016-2352\nThe Accellion File Transfer Appliance is vulnerable to command injection due to unsafe handling of restricted users utilizing the YUM_CLIENT. This allows a restricted user to execute any command via root permission. CWE-276: Incorrect Default Permissions - CVE-2016-2353\nThe Accellion File Transfer Appliance is vulnerable to local privilege escalation due to a misconfiguration. By default, the appliance allows a restricted user to add their SSH key to an alternate user group with additional permissions.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system and view sensitive data","resolution":"Apply an update Affected uses should update to version FTA_9_12_40 as soon as possible.","workarounds":"","sysaffected":"","thanks":"Thanks to Orange Tsai for reporting these vulnerabilities","author":"This document was written by Deana Shick.","public":["http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/","http://cwe.mitre.org/data/definitions/276.html","http://cwe.mitre.org/data/definitions/79.html","https://cwe.mitre.org/data/definitions/77.html","http://cwe.mitre.org/data/definitions/89.html"],"cveids":["CVE-2016-2350","CVE-2016-2351","CVE-2016-2352","CVE-2016-2353"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2016-03-21T14:59:32Z","publicdate":"2016-04-21T00:00:00Z","datefirstpublished":"2016-04-29T19:44:09Z","dateupdated":"2016-04-29T19:44:09Z","revision":21,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.5","cvss_basevector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","cvss_temporalscore":"5.9","cvss_environmentalscore":"4.39536605221744","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}