Description
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
Affected products
- Accellion / secure_file_transfer_appliance7_0_135 – 7_0_135
- Accellion / secure_file_transfer_appliance7_0_178 – 7_0_178
- Accellion / secure_file_transfer_appliance7_0_189 – 7_0_189
- Accellion / secure_file_transfer_appliance7_0_259 – 7_0_259
- Accellion / secure_file_transfer_appliance7_0_296 – 7_0_296