CVE-2019-5622

9.8 CRITICAL

📋 TL;DR

CVE-2019-5622 is a critical vulnerability in Accellion File Transfer Appliance where hard-coded credentials allow attackers to gain unauthorized access. This affects organizations using the vulnerable version of the Accellion FTA software for secure file transfers. Attackers can exploit these credentials to compromise the appliance and potentially access sensitive data.

💻 Affected Systems

Products:
  • Accellion File Transfer Appliance
Versions: FTA_8_0_540
Operating Systems: Linux-based appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: This is a specific version of the Accellion FTA appliance software. The vulnerability exists in the default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Accellion FTA appliance leading to data exfiltration, ransomware deployment, and lateral movement into connected networks.

🟠 Likely Case

Unauthorized access to the file transfer system allowing attackers to view, modify, or delete sensitive files being transferred through the appliance.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, though credentials could still be discovered and used if the system is accessible.

🌐 Internet-Facing: HIGH - The vulnerability involves hard-coded credentials that can be easily discovered and used if the appliance is exposed to the internet.
🏢 Internal Only: MEDIUM - While less exposed, internal attackers or compromised internal systems could still exploit the hard-coded credentials.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Metasploit modules exist for exploitation. The hard-coded credentials make exploitation straightforward once discovered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after FTA_8_0_540

Vendor Advisory: https://www.accellion.com/support/security-advisories/

Restart Required: Yes

Instructions:

1. Upgrade to a patched version of Accellion FTA (post FTA_8_0_540).
2. Follow Accellion's upgrade documentation.
3. Restart the appliance services after upgrade.

🔧 Temporary Workarounds

Network Isolation

all

Restrict network access to the Accellion FTA appliance to only trusted IP addresses and networks.

Credential Rotation

all

If possible, change any default or hard-coded credentials that can be modified through the appliance interface.

🧯 If You Can't Patch

  • Immediately isolate the Accellion FTA appliance from internet access and restrict internal network access
  • Implement enhanced monitoring and alerting for suspicious access attempts to the appliance

🔍 How to Verify

Check if Vulnerable:

Check the Accellion FTA version in the web interface, or SSH to the appliance and run its version check commands.

Check Version:

Check via Accellion web admin interface or consult appliance documentation for version check commands

Verify Fix Applied:

Verify the appliance version is updated beyond FTA_8_0_540 and test that the previously known hard-coded credentials no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful logins with default credentials
  • Unusual file access or transfer patterns from the appliance

Network Indicators:

  • Unexpected outbound connections from the Accellion appliance
  • Traffic patterns indicating data exfiltration

SIEM Query:

source="accellion_fta" AND (event_type="authentication" AND result="success" AND user="default_user")
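
The first log indicator above (failed authentication attempts followed by a successful login) needs correlation across events, which the single-event query does not express. The following is an added example, not code from the vendor or from this advisory: the field names `event_type`, `result` and `user` follow the query, while the JSON-lines layout, the `ts` and `src_ip` fields, the thresholds and all sample events are assumptions constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, one JSON object per line (not real appliance logs).
# event_type, result and user come from the SIEM query; ts and src_ip are assumed.
SAMPLE_EVENTS = """\
{"ts":"2019-06-01T10:00:00","event_type":"authentication","result":"failure","user":"admin","src_ip":"203.0.113.7"}
{"ts":"2019-06-01T10:00:05","event_type":"authentication","result":"failure","user":"admin","src_ip":"203.0.113.7"}
{"ts":"2019-06-01T10:00:09","event_type":"authentication","result":"failure","user":"root","src_ip":"203.0.113.7"}
{"ts":"2019-06-01T10:00:12","event_type":"authentication","result":"success","user":"default_user","src_ip":"203.0.113.7"}
{"ts":"2019-06-01T10:30:00","event_type":"authentication","result":"failure","user":"alice","src_ip":"198.51.100.4"}
{"ts":"2019-06-01T10:30:20","event_type":"authentication","result":"success","user":"alice","src_ip":"198.51.100.4"}
{"ts":"2019-06-01T10:31:00","event_type":"file_transfer","result":"success","user":"alice","src_ip":"198.51.100.4"}
truncated-line-without-json
"""
WATCHED_ACCOUNTS = {"default_user"}  # placeholder from the query; use your appliance's built-in accounts

def detect(lines, min_failures=3, window=timedelta(minutes=5)):
    """Alert on any success for a watched account, and on a success preceded by at least
    min_failures failures from the same source within window. Events must be time-ordered."""
    failures = defaultdict(deque)  # src_ip -> timestamps of recent failures
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
            ts = datetime.fromisoformat(ev["ts"])
        except (ValueError, KeyError, TypeError):
            continue  # blank or malformed line
        if ev.get("event_type") != "authentication":
            continue
        ip = ev.get("src_ip", "unknown")
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures older than the window
        if ev.get("result") == "failure":
            recent.append(ts)
        elif ev.get("result") == "success":
            if ev.get("user") in WATCHED_ACCOUNTS:
                alerts.append(("watched_account", ev["user"], ip, ev["ts"]))
            if len(recent) >= min_failures:
                alerts.append(("fail_then_success", ev.get("user"), ip, ev["ts"]))
            recent.clear()  # a success resets the failure streak for this source
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

A single failure followed by a success (the `alice` events) does not alert, which keeps ordinary mistyped passwords out of the results.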
