HomePentest-Tools.com Logo

Accellion FTA Remote Command Execution Vulnerability CVE-2015-2857

Severity
CVSSv3 Score
9.8
Vulnerability description

Accellion FTA is prone to a remote command execution vulnerability

Risk description

The vulnerability is due to insufficient sanitization of the oauth_token parameter. The parameter is passed into the system() command line through multiple mod_perl handlers. An unauthenticated attacker can gain complete access to the appliance.

Recommendation

Upgrade to version 9.11.210 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Aug 22, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available