CVE-2024-4040

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
References
Link Resource
https://github.com/airbus-cert/CVE-2024-4040 Exploit Third Party Advisory
https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ Press/Media Coverage Third Party Advisory
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update Vendor Advisory
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update Patch Vendor Advisory
https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ Third Party Advisory
https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ Press/Media Coverage Third Party Advisory
https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ Patch Press/Media Coverage Third Party Advisory
https://github.com/airbus-cert/CVE-2024-4040 Exploit Third Party Advisory
https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ Press/Media Coverage Third Party Advisory
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update Vendor Advisory
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update Patch Vendor Advisory
https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ Third Party Advisory
https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ Press/Media Coverage Third Party Advisory
https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ Patch Press/Media Coverage Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:42

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 10.0
v2 : unknown
v3 : 9.8
References () https://github.com/airbus-cert/CVE-2024-4040 - Exploit, Third Party Advisory () https://github.com/airbus-cert/CVE-2024-4040 - Exploit, Third Party Advisory
References () https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ - Press/Media Coverage, Third Party Advisory () https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ - Press/Media Coverage, Third Party Advisory
References () https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update - Vendor Advisory () https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update - Vendor Advisory
References () https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update - Patch, Vendor Advisory () https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update - Patch, Vendor Advisory
References () https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ - Third Party Advisory () https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ - Third Party Advisory
References () https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ - Press/Media Coverage, Third Party Advisory () https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ - Press/Media Coverage, Third Party Advisory
References () https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ - Patch, Press/Media Coverage, Third Party Advisory () https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ - Patch, Press/Media Coverage, Third Party Advisory

26 Apr 2024, 15:25

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 10.0
First Time Crushftp
Crushftp crushftp
References () https://github.com/airbus-cert/CVE-2024-4040 - () https://github.com/airbus-cert/CVE-2024-4040 - Exploit, Third Party Advisory
References () https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ - () https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ - Press/Media Coverage, Third Party Advisory
References () https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update - () https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update - Vendor Advisory
References () https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update - () https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update - Patch, Vendor Advisory
References () https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ - () https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ - Third Party Advisory
References () https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ - () https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ - Press/Media Coverage, Third Party Advisory
References () https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ - () https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ - Patch, Press/Media Coverage, Third Party Advisory
CWE CWE-94
CPE cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*

23 Apr 2024, 23:15

Type Values Removed Values Added
CWE CWE-20 CWE-1336
Summary (en) VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. (en) A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
CVSS v2 : unknown
v3 : 7.7
v2 : unknown
v3 : 9.8
References
  • () https://github.com/airbus-cert/CVE-2024-4040 -
  • () https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ -

23 Apr 2024, 12:52

Type Values Removed Values Added
Summary
  • (es) VFS Sandbox Escape en CrushFTP en todas las versiones anteriores a 10.7.1 y 11.1.0 en todas las plataformas permite a atacantes remotos con privilegios bajos leer archivos del sistema de archivos fuera de VFS Sandbox.

22 Apr 2024, 21:15

Type Values Removed Values Added
References
  • () https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ -
  • () https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update -
  • () https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ -

22 Apr 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-22 20:15

Updated : 2024-11-21 09:42


NVD link : CVE-2024-4040

Mitre link : CVE-2024-4040

CVE.ORG link : CVE-2024-4040


JSON object : View

Products Affected

crushftp

  • crushftp
CWE
CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

CWE-94

Improper Control of Generation of Code ('Code Injection')