CVE-2021-20655

HIGH EXPLOITED IN THE WILD RANSOMWARE

FileZen <4.2.7, >5.0.2 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-20655 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns.

Description

FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.

References (2)

Core 2
Core References
Exploit, Vendor Advisory x_refsource_misc
https://www.soliton.co.jp/support/2021/004334.html
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN58774946/index.html

Scores

CVSS v3 7.2
EPSS 0.0397
EPSS Percentile 89.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-06-22
InTheWild.io 2021-10-21
Ransomware Use Confirmed
CWE
CWE-78
Status published
Products (1)
soliton/filezen 3.0.0 - 4.2.7
Published Feb 17, 2021
Tracked Since Feb 18, 2026