Vulnerabilities > CVE-2016-2353 - Local Privilege Escalation vulnerability in Accellion File Transfer Appliance 80540

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

accellion

NVD

Published: 2016-05-07

Updated: 2016-05-10

Summary

The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors. <a href="https://cwe.mitre.org/data/definitions/276.html">CWE-276: Incorrect Default Permissions</a>

Vulnerable Configurations

Part	Description	Count
Application	Accellion Accellion File Transfer Appliance 8_0_540	1

References

http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/
http://www.kb.cert.org/vuls/id/505560