Description
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Tim Brown · textlocallinux
https://www.exploit-db.com/exploits/33623
References (3)
Core 3
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38176
Exploit x_refsource_misc
http://www.portcullis-security.com/338.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56248
Scores
EPSS
0.0077
EPSS Percentile
73.6%
Details
CWE
CWE-264
Status
published
Products (5)
accellion/secure_file_transfer_appliance
7_0_135
accellion/secure_file_transfer_appliance
7_0_178
accellion/secure_file_transfer_appliance
7_0_189
accellion/secure_file_transfer_appliance
7_0_259
accellion/secure_file_transfer_appliance
7_0_296
Published
Feb 19, 2010
Tracked Since
Feb 18, 2026