Accellion FTA getStatus command injection

Added: 07/16/2015
CVE: CVE-2015-2857

Background

The Accellion File Transfer Appliance is a solution for secure file sharing.

Problem

A command injection vulnerability allows remote attackers to execute arbitrary commands contained in the oauth_token parameter to the getStatus action.

Resolution

Apply software update FTA_9_11_210.

References

https://www.exploit-db.com/exploits/37597/

Limitations

Exploit works on software version FTA_9_11_200.

Platforms

Linux

Back to exploit index