CVE-2021-27104 | Cybersecurity Alerts | Nexus IT Services, LLC

← Back to Cybersecurity Alerts

CVE-2021-27104

Accellion | FTAAdded 2021-11-03Remediation Deadline 2021-11-17Active Ransomware Campaign

Accellion FTA OS Command Injection Vulnerability

Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-20

CWE-78

References

https://nvd.nist.gov/vuln/detail/CVE-2021-27104