Threat actors are exploiting two vulnerabilities in FileZen, a popular file-sharing platform, in an attempt to steal sensitive data from businesses and government organizations. Confirmed victims include Japanese officials who were affected by a recent breach. However, the possibility that threat actors have compromised other organizations as well cannot be ruled out.
Two flaws in the FileZen server, tracked as CVE-2020-5639 and CVE-2021-20655, allowed threat actors to steal sensitive data from businesses and government organizations before the flaws were patched. Soliton Systems addressed both flaws in FileZen firmware versions V4.2.8 and V5.0.3.
FileZen is a Soliton Systems product that helps businesses share data between employees and customers, supports fast transfer of large files, and helps overcome problems with content filters and potential loss. The company promises that its dedicated, secure appliance allows businesses to retain complete control of their data.
The CVE-2020-5639 vulnerability, a directory traversal issue, could be exploited remotely to upload an arbitrary file, potentially leading to arbitrary OS command execution.
The CVE-2021-20655 vulnerability could be exploited remotely by an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
The current attacks are part of a larger-scale campaign in which attackers accessed Soliton file-sharing storage used by the Japanese Prime Minister’s Cabinet Office.
Since the attacks began before the company patched the issues, no one should assume that threat actors have not compromised other organizations that use FileZen file-sharing servers.
Soliton recommends that its customers change the system administrator account, reset access controls, and install the latest version of the firmware.