External risk intelligence

Accellion FTA SQL Injection Vulnerability

CVE advisory | Known exploit

CVE-2021-27101

Accellion FTA is affected by a SQL injection vulnerability. Attackers can exploit this flaw by sending a crafted Host header, potentially leading to unauthorized access and modification of data. This presents a significant business risk to organizations using the affected software versions.

Halo Surface Signal: 5

Weakness: SQL Injection

Product: Accellion FTA

Affected versions: 9_12_370 and earlier

External exposure likelihood

Halo Surface Signal score for CVE-2021-27101

Accellion FTA is a file transfer appliance specifically designed to be internet-facing to facilitate the transfer of files between an organization and external parties, making its web interface a public-facing service by design.

Horizon Alert

Summary of the vulnerability and why it matters

Accellion's FTA software is vulnerable to a flaw that allows unauthorized access to sensitive information. This weakness could lead to significant business disruptions if exploited. The vulnerability impacts organizations using specific versions of the Accellion FTA software.

  • Accellion FTA software
  • SQL injection via Host header
  • Data theft and system compromise

Attack Path

How an attacker could exploit the issue

The vulnerability allows an attacker to exploit a SQL injection flaw in Accellion's File Transfer Appliance. This occurs when a specially crafted Host header is sent in a request to a specific file. Successful exploitation can lead to unauthorized access and modification of data.

  • Exposure: Public-facing web service.
  • Attacker access: Send crafted request.
  • Trigger: SQL injection via Host header.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability allows an attacker to inject malicious SQL code through a crafted Host header, potentially leading to unauthorized access and modification of data. The exploitation requires no special privileges or conditions, meaning any attacker could attempt to exploit it. The potential for significant data compromise underscores the need for prompt attention.

  • Attackers need no special skill.
  • No access or conditions required.
  • High business risk or urgency.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Accellion FTA allows for unauthorized data access and modification due to a SQL injection flaw. Attackers can exploit this by sending a specially crafted Host header in a request. Organizations using the affected Accellion FTA versions should take immediate steps to address this critical security risk.

  • Find all affected Accellion FTA assets.
  • Reduce exposure or isolate risk.
  • Apply vendor fix, verify, and monitor.
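For the monitoring step, the one concrete signal this advisory gives is a Host header that is not a plausible hostname arriving at `document_root.html`. The following is an added example (not Halo or Accellion code) that triages constructed reverse-proxy log lines with a hostname allowlist; the log layout, the expected virtual-host set and the sample lines are assumptions.

```python
import re
from typing import List, Optional, Set, Tuple

# Host header allowlist syntax: dotted labels of letters/digits/hyphens plus an
# optional :port. A legitimate client never sends quotes, spaces or semicolons.
HOST_SYNTAX = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)*(?::\d{1,5})?$"
)
# Assumed proxy log layout (constructed): <client_ip> "<host>" "<request line>" <status>
LOG_RE = re.compile(r'^(\S+) "([^"]*)" "(\S+) (\S+) [^"]*" (\d{3})$')
TARGET_PATH = "/document_root.html"  # endpoint the advisory ties to CVE-2021-27101


def classify_host(host: str, expected_hosts: Set[str]) -> Optional[str]:
    """Return why a Host header is suspicious, or None if it looks legitimate."""
    if not HOST_SYNTAX.match(host):
        return "malformed Host header"
    if host.split(":")[0].lower() not in expected_hosts:
        return "Host not in expected virtual-host list"
    return None


def scan_log(log_text: str, expected_hosts: Set[str]) -> List[Tuple[int, str, str, str, str]]:
    """Flag requests whose Host header fails the allowlist; mark hits on the advisory's endpoint."""
    findings: List[Tuple[int, str, str, str, str]] = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; count these separately in production
        ip, host, _method, path, _status = m.groups()
        reason = classify_host(host, expected_hosts)
        if reason is None:
            continue
        if path.split("?", 1)[0] == TARGET_PATH:
            reason += " on " + TARGET_PATH
        findings.append((n, ip, host, path, reason))
    return findings


# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.5 "fta.example.com" "GET /document_root.html HTTP/1.1" 200
203.0.113.7 "fta.example.com'" "GET /document_root.html HTTP/1.1" 500
198.51.100.9 "other-host.example" "GET /document_root.html HTTP/1.1" 200
203.0.113.5 "fta.example.com:443" "GET /index.html HTTP/1.1" 200
198.51.100.9 "a;b" "GET /index.html HTTP/1.1" 400
"""
```

Running `scan_log(SAMPLE_LOG, {"fta.example.com"})` returns lines 2, 3 and 5; the two hits on `/document_root.html` are the ones to triage first.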

Frequently asked questions

What is Accellion File Transfer Appliance (FTA) and its role?

Accellion's File Transfer Appliance (FTA) is a software solution designed for securely sharing large files that exceed email attachment size limits. It was commonly utilized by universities, government agencies, and businesses for this purpose. The product is considered a legacy system, over 20 years old, and has been retired by Accellion.

What is CVE-2021-27101's SQL injection weakness and its class?

CVE-2021-27101 is a critical SQL injection vulnerability (CWE-89) in Accellion FTA. This weakness allows attackers to inject malicious SQL code by manipulating the Host header in requests to the `document_root.html` endpoint, as the software incorporates user input directly into SQL queries instead of sanitizing it.

How can CVE-2021-27101 be triggered and what is its scope?

The vulnerability can be triggered by sending a specially crafted Host header in a request to the `document_root.html` endpoint of the Accellion FTA. The scope is unchanged: the vulnerability affects the application's interaction with its own database and requires no specific user privileges or conditions for exploitation.

What is the relevance of CVE-2021-27101 given its external exposure?

Accellion FTA is designed as an internet-facing service for file transfers, making its web interface a public-facing asset. This external exposure, combined with a critical CVSS v3.1 base score of 9.8, signifies a very likely threat scenario where attackers can exploit the SQL injection flaw remotely.

What practical steps should organizations take regarding Accellion FTA vulnerabilities?

Organizations using affected Accellion FTA versions should identify all vulnerable assets, reduce their exposure or isolate them, and apply the vendor-provided fix. Verification of the fix and ongoing monitoring are also crucial steps to address this critical security risk.
