ID

VAR-202004-0653


CVE

CVE-2019-5623


TITLE

Accellion File Transfer Appliance operating system command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-27444 // CNNVD: CNNVD-202004-2439

DESCRIPTION

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'). It may be put into a denial-of-service (DoS) state. Accellion File Transfer Appliance is a file transfer device from the American company Accellion. This product supports online sharing and file synchronization using AES 128/256. The vulnerability stems from the fact that the network system or product did not properly filter special elements when constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands.

Trust: 2.25

sources: NVD: CVE-2019-5623 // JVNDB: JVNDB-2019-015546 // CNVD: CNVD-2020-27444 // VULMON: CVE-2019-5623

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27444

AFFECTED PRODUCTS

vendor: accellion, model: file transfer appliance, scope: eq, version: 8_0_540

Trust: 1.0

vendor: accellion, model: file transfer appliance, scope: eq, version: fta_8_0_540

Trust: 0.8

vendor: accellion, model: file transfer appliance fta 8 0 540, scope: -, version: -

Trust: 0.6

vendor: accellion, model: file transfer appliance, scope: eq, version: 8 0 540

Trust: 0.1

sources: CNVD: CNVD-2020-27444 // VULMON: CVE-2019-5623 // JVNDB: JVNDB-2019-015546 // NVD: CVE-2019-5623

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5623
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-015546
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-27444
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-2439
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-5623
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-5623
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015546
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27444
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5623
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015546
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27444 // VULMON: CVE-2019-5623 // JVNDB: JVNDB-2019-015546 // CNNVD: CNNVD-202004-2439 // NVD: CVE-2019-5623

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.8

problemtype: CWE-77

Trust: 1.0

sources: JVNDB: JVNDB-2019-015546 // NVD: CVE-2019-5623

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2439

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2439

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015546

PATCH

title: Top Page, url: https://www.accellion.com/

Trust: 0.8

title: Patch for Accellion File Transfer Appliance operating system command injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/216963

Trust: 0.6

title: Accellion File Transfer Appliance Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117934

Trust: 0.6

sources: CNVD: CNVD-2020-27444 // JVNDB: JVNDB-2019-015546 // CNNVD: CNNVD-202004-2439

EXTERNAL IDS

db: NVD, id: CVE-2019-5623

Trust: 3.1

db: JVNDB, id: JVNDB-2019-015546

Trust: 0.8

db: CNVD, id: CNVD-2020-27444

Trust: 0.6

db: CNNVD, id: CNNVD-202004-2439

Trust: 0.6

db: VULMON, id: CVE-2019-5623

Trust: 0.1

sources: CNVD: CNVD-2020-27444 // VULMON: CVE-2019-5623 // JVNDB: JVNDB-2019-015546 // CNNVD: CNNVD-202004-2439 // NVD: CVE-2019-5623

REFERENCES

url: https://www.rapid7.com/db/modules/exploit/linux/misc/accellion_fta_mpipe2

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2019-5623

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5623

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2019-5623 // JVNDB: JVNDB-2019-015546 // CNNVD: CNNVD-202004-2439 // NVD: CVE-2019-5623

SOURCES

db: CNVD, id: CNVD-2020-27444
db: VULMON, id: CVE-2019-5623
db: JVNDB, id: JVNDB-2019-015546
db: CNNVD, id: CNNVD-202004-2439
db: NVD, id: CVE-2019-5623

LAST UPDATE DATE

2024-11-23T22:51:27.358000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-27444, date: 2020-05-09T00:00:00
db: VULMON, id: CVE-2019-5623, date: 2020-05-07T00:00:00
db: JVNDB, id: JVNDB-2019-015546, date: 2020-06-05T00:00:00
db: CNNVD, id: CNNVD-202004-2439, date: 2020-05-15T00:00:00
db: NVD, id: CVE-2019-5623, date: 2024-11-21T04:45:15.510

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-27444, date: 2020-05-09T00:00:00
db: VULMON, id: CVE-2019-5623, date: 2020-04-29T00:00:00
db: JVNDB, id: JVNDB-2019-015546, date: 2020-06-05T00:00:00
db: CNNVD, id: CNNVD-202004-2439, date: 2020-04-29T00:00:00
db: NVD, id: CVE-2019-5623, date: 2020-04-29T23:15:13.220