PatchSiren

CVE-2021-27104 Accellion CVE debrief

CVE-2021-27104 affects Accellion FTA and is identified by CISA as a known exploited vulnerability. Because it was added to the Known Exploited Vulnerabilities catalog and associated with ransomware campaign use, organizations running FTA should treat it as a high-priority remediation item.

Vendor: Accellion
Product: FTA
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2021-11-03
Original CVE updated: 2021-11-03
Advisory published: 2021-11-03
Advisory updated: 2021-11-03

Who should care

Security teams, system administrators, and incident responders responsible for Accellion FTA deployments, especially any organization with exposed or still-operational instances.

Technical summary

Official vulnerability and KEV records describe CVE-2021-27104 as an OS command injection issue in Accellion FTA. CISA lists it as known exploited, with known ransomware campaign use, indicating active abuse rather than a purely theoretical flaw.

Defensive priority

Critical

Recommended defensive actions

  • Apply updates per vendor instructions as directed by CISA KEV guidance.
  • Inventory and locate any Accellion FTA instances, including legacy or forgotten deployments.
  • Prioritize remediation of exposed systems before lower-risk maintenance work.
  • Review affected systems for signs of compromise and follow incident response procedures if suspicious activity is found.
  • Verify that monitoring, logging, and asset tracking cover any remaining FTA systems.

Evidence notes

This debrief is based on the supplied CISA Known Exploited Vulnerabilities metadata for CVE-2021-27104. That entry lists the product as Accellion FTA, a date added of 2021-11-03, a due date of 2021-11-17, a required action to apply updates per vendor instructions, and known ransomware campaign use. Official CVE and NVD records are provided as reference links.

Official resources

CVE-2021-27104 is publicly disclosed in official CVE/NVD records and was added to CISA’s Known Exploited Vulnerabilities catalog on 2021-11-03.