CVE-2016-1000027 – Java Deserialization RCE

Thorn Technologies SFTP Gateway is affected by a critical Java deserialization vulnerability, CVE-2016-1000027, which allows remote code execution (RCE) against the web admin portal. Take the following actions:

  1. Check the installed SFTP Gateway version to determine whether it is one of the affected versions (v3.4.0, v3.4.1, v3.4.2, v3.4.3).
  2. Restrict access to port 443 to sysadmin IP addresses only, and remove any firewall rules that allow access from the entire world.
  3. If you are already running SFTP Gateway version 3, perform an in-place upgrade to version 3.4.4 using the provided upgrade script.
  4. Alternatively, migrate to version 3.4.4 by exporting a backup, creating a new instance running v3.4.4, and performing an IP or DNS cutover to it.
  5. Contact support at support@thorntech.com for assistance.