CVE-2009-4648
published 2010-02-19

Priority: P337 | high | 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.82% (52.7th percentile)
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.

Affected

5 ranges
Vendor | Product | Version range | Fixed in
accellion | secure_file_transfer_appliance | |
accellion | secure_file_transfer_appliance | |
accellion | secure_file_transfer_appliance | |
accellion | secure_file_transfer_appliance | |
accellion | secure_file_transfer_appliance | |