// For flags

CVE-2021-27102

Accellion FTA OS Command Injection Vulnerability

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.

Accellion versiones FTA 9_12_411 y anteriores, está afectada por una ejecución de comandos del Sistema Operativo por medio de una llamada de servicio web local. La versión corregida es FTA_9_12_416 y posteriores

Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-02-10 CVE Reserved
  • 2021-02-16 CVE Published
  • 2021-11-03 Exploited in Wild
  • 2021-11-17 KEV Due Date
  • 2023-03-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- First Exploit
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Accellion
Search vendor "Accellion"
Fta
Search vendor "Accellion" for product "Fta"
<= 9_12_411
Search vendor "Accellion" for product "Fta" and version " <= 9_12_411"
-
Affected