Four zero-day vulnerabilities were detected in Accellion's File Transfer Appliance (FTA). Several offensive groups are actively targeting and exploiting them.
Two of the vulnerabilities were uncovered in December 2020 and the other two in January 2021:
- CVE-2021-27101, which allows SQL injection
- CVE-2021-27104, which enables the attacker to perform command injection
- CVE-2021-27102, which also enables command injection
- CVE-2021-27103, an SSRF vulnerability
RECOMMENDED SOLUTION:
Accellion strongly recommends that its customers migrate to its new content firewall platform, Kiteworks.
The actors behind the cyberattacks remain unidentified as of today. However, Mandiant is actively monitoring potential connections and overlaps between UNC2546, the label given to the perpetrator of this attack, and the other adversaries FIN11 and UNC2582.
For more information, refer to Accellion's FTA end-of-life statement and migration support proposal, as well as Mandiant's report and FireEye's research on the threat.
Sources: FireEye, Accellion, Bleeping Computer, Qualys, LeMagIT