A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
References
| Link | Resource |
|---|---|
| https://github.com/airbus-cert/CVE-2024-4040 | Exploit, Third Party Advisory |
| https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ | Press/Media Coverage, Third Party Advisory |
| https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update | Vendor Advisory |
| https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update | Patch, Vendor Advisory |
| https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ | Third Party Advisory |
| https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ | Press/Media Coverage, Third Party Advisory |
| https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ | Patch, Press/Media Coverage, Third Party Advisory |
Configurations
Configuration 1
History
26 Apr 2024, 15:25
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | `cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*` | |
| References | https://github.com/airbus-cert/CVE-2024-4040 - Exploit, Third Party Advisory | |
| References | https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ - Press/Media Coverage, Third Party Advisory | |
| References | https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update - Vendor Advisory | |
| References | https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update - Patch, Vendor Advisory | |
| References | https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ - Third Party Advisory | |
| References | https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ - Press/Media Coverage, Third Party Advisory | |
| References | https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ - Patch, Press/Media Coverage, Third Party Advisory | |
| CVSS | v2 : v3 : | v2 : unknown, v3 : 10.0 |
| First Time | Crushftp, Crushftp crushftp | |
| CWE | CWE-94 | |
23 Apr 2024, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
| CWE | CWE-1336 | |
| Summary | (en) A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | |
| CVSS | v2 : v3 : | v2 : unknown, v3 : 9.8 |
23 Apr 2024, 12:52
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | | |
22 Apr 2024, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
22 Apr 2024, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2024-04-22 20:15
Updated : 2024-04-26 15:25
NVD link : CVE-2024-4040
Mitre link : CVE-2024-4040
CVE.ORG link : CVE-2024-4040
Products Affected
crushftp
- crushftp