Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
Accellion FTA OS Command Injection Vulnerability

Known Exploited Vulnerabilities CVE-2021-27102

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2021-27102	Accellion FTA OS Command Injection Vulnerability	secondary_impact	T1005	Data from Local System	Comments CVE-2021-27102 is an operating system command execution vulnerability in Accellion File Transfer Appliance that allows an adversary to execute arbitrary commands via a local web service call. References https://cloud.google.com/blog/topics/threat-intelligence/accellion-fta-exploited-for-data-theft-and-extortion/ https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a
CVE-2021-27102	Accellion FTA OS Command Injection Vulnerability	primary_impact	T1059	Command and Scripting Interpreter	Comments CVE-2021-27102 is an operating system command execution vulnerability in Accellion File Transfer Appliance that allows an adversary to execute arbitrary commands via a local web service call. References https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a https://cloud.google.com/blog/topics/threat-intelligence/accellion-fta-exploited-for-data-theft-and-extortion/
CVE-2021-27102	Accellion FTA OS Command Injection Vulnerability	exploitation_technique	T1190	Exploit Public-Facing Application	Comments CVE-2021-27102 is an operating system command execution vulnerability in Accellion File Transfer Appliance that allows an adversary to execute arbitrary commands via a local web service call. References https://cloud.google.com/blog/topics/threat-intelligence/accellion-fta-exploited-for-data-theft-and-extortion/ https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a