By The Integrity360 Team on March 04, 2021

Qualys Accellion Breach


Relevant CVEs: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104

As you may already be aware, Qualys have reported that they were recently the victim of a cyber security breach. While no action is currently required, we’d like to ensure our clients are aware of this situation.

The Threat 

In December 2020, four vulnerabilities were discovered in Accellion FTA (File Transfer Appliance) devices, and these have been observed being exploited in the wild. While details of these vulnerabilities are quite limited, successful exploitation may allow attackers to view and exfiltrate files from vulnerable FTA instances.

Qualys have announced that they had an Accellion FTA server in a segregated DMZ environment, using the solution for encrypted temporary transfer of manually uploaded files.

A hotfix to remediate the vulnerabilities was released on December 21st 2020 and Qualys applied the hotfix on December 22nd. They received an integrity alert on December 24th and immediately isolated the affected system from their network. Qualys and Accellion jointly investigated and identified that files hosted on the Accellion FTA server had been accessed without authorization. As a result, Qualys immediately notified a small pool of their affected customers.

The Impact 

Qualys has confirmed that there is no impact on the Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform. All Qualys platforms continue to be fully functional and at no time was there any operational impact.

We will continue to monitor this situation and provide updates, links and resources on this dedicated page if new information comes to light. 

Recommendations

No action is currently required.

Should you require assistance directly, please contact your account manager or use our contact form for further assistance. As always, Integrity360 Managed Security Service (MSS) customers will already be managed through our proactive security approach.

More information

For more information on these vulnerabilities please check the related content links listed below.