Detections
Analytics
CVE-2021-27102
high
Description
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.
From the Tenable Blog
Accellion Patches Four Vulnerabilities in File Transfer Appliance (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104)
Published: 2021-02-19
Accellion recently released patches addressing four vulnerabilities in its File Transfer Appliance, a tool linked to a growing list of data breaches since December. Update February 22, 2021: The scoring and details of CVE-2021-27102 were updated to reflect the addition of further details to its NVD entry.
References
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a
https://www.accellion.com/products/fta/
https://github.com/accellion/CVEs/blob/main/CVE-2021-27102.txt