A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
References
Link | Resource |
---|---|
https://github.com/airbus-cert/CVE-2024-4040 | Exploit Third Party Advisory |
https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ | Press/Media Coverage Third Party Advisory |
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update | Vendor Advisory |
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update | Patch Vendor Advisory |
https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ | Third Party Advisory |
https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ | Press/Media Coverage Third Party Advisory |
https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ | Patch Press/Media Coverage Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: directcyber
Published: 2024-04-22T19:21:46.408Z
Updated: 2024-06-04T17:56:36.470Z
Reserved: 2024-04-22T19:08:08.183Z
Link: CVE-2024-4040
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-04-22T20:15:07.803
Modified: 2024-04-26T15:25:47.270
Link: CVE-2024-4040
JSON object: View
Redhat Information
No data.