Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
Published 2017-08-22 15:29:00
Updated 2020-09-09 15:11:20
Source CERT/CC
View at NVD,   CVE.org
Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2015-2857

95.82%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2015-2857

  • Accellion FTA getStatus verify_oauth_token Command Execution
    Disclosure Date: 2015-07-10
    First seen: 2020-04-26
    exploit/linux/http/accellion_fta_getstatus_oauth
    This module exploits a metacharacter shell injection vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided 'oauth_token' is passed into a system() call within a mod_perl handler. This module exploits the '/tws/

CVSS scores for CVE-2015-2857

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST

CWE ids for CVE-2015-2857

References for CVE-2015-2857

Products affected by CVE-2015-2857

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!