A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:42
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | () https://github.com/airbus-cert/CVE-2024-4040 - Exploit, Third Party Advisory | |
References | () https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ - Press/Media Coverage, Third Party Advisory | |
References | () https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update - Vendor Advisory | |
References | () https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update - Patch, Vendor Advisory | |
References | () https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ - Third Party Advisory | |
References | () https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ - Press/Media Coverage, Third Party Advisory | |
References | () https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ - Patch, Press/Media Coverage, Third Party Advisory |
26 Apr 2024, 15:25
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 10.0 |
First Time |
Crushftp
Crushftp crushftp |
|
References | () https://github.com/airbus-cert/CVE-2024-4040 - Exploit, Third Party Advisory | |
References | () https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ - Press/Media Coverage, Third Party Advisory | |
References | () https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update - Vendor Advisory | |
References | () https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update - Patch, Vendor Advisory | |
References | () https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ - Third Party Advisory | |
References | () https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ - Press/Media Coverage, Third Party Advisory | |
References | () https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ - Patch, Press/Media Coverage, Third Party Advisory | |
CWE | CWE-94 | |
CPE | cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:* |
23 Apr 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1336 | |
Summary | (en) A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References |
|
23 Apr 2024, 12:52
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
22 Apr 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Apr 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-22 20:15
Updated : 2024-11-21 09:42
NVD link : CVE-2024-4040
Mitre link : CVE-2024-4040
CVE.ORG link : CVE-2024-4040
JSON object : View
Products Affected
crushftp
- crushftp