Analytics Story: CrushFTP Vulnerabilities

Description

CVE-2024-4040 identifies a critical server-side template injection vulnerability in all versions of CrushFTP prior to 10.7.1 and 11.1.0, allowing unauthenticated remote attackers to execute arbitrary code, bypass authentication, and access files outside of the VFS Sandbox.

Why it matters

CVE-2024-4040 exposes a severe server-side template injection vulnerability in all versions of CrushFTP prior to 10.7.1 and 11.1.0. This critical flaw allows unauthenticated remote attackers to execute arbitrary code, bypass authentication mechanisms, and access files outside of the VFS Sandbox. The vulnerability was urgently addressed by CrushFTP with a patch after it was actively exploited in the wild, highlighting the necessity for immediate updates to secure server environments. Users operating behind a DMZ are reported to have an additional layer of protection against this exploit. The discovery and subsequent reporting of this vulnerability by Simon Garrelou of Airbus CERT prompted a swift response from CrushFTP, underscoring the critical nature of the flaw and the potential risks associated with delayed patching. This incident serves as a stark reminder of the importance of maintaining up-to-date software to defend against evolving cybersecurity threats.

Detections

Name ▲▼ Technique ▲▼ Type ▲▼
CrushFTP Server Side Template Injection Exploit Public-Facing Application TTP

Data Sources

Name ▲▼ Platform ▲▼ Sourcetype ▲▼ Source ▲▼
CrushFTP N/A crushftp:sessionlogs crushftp

References


Source: GitHub | Version: 1