CVE-2024-4040

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*

History

26 Apr 2024, 15:25

Type Values Removed Values Added
CPE cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
References () https://github.com/airbus-cert/CVE-2024-4040 - () https://github.com/airbus-cert/CVE-2024-4040 - Exploit, Third Party Advisory
References () https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ - () https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ - Press/Media Coverage, Third Party Advisory
References () https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update - () https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update - Vendor Advisory
References () https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update - () https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update - Patch, Vendor Advisory
References () https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ - () https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ - Third Party Advisory
References () https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ - () https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ - Press/Media Coverage, Third Party Advisory
References () https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ - () https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ - Patch, Press/Media Coverage, Third Party Advisory
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 10.0
First Time Crushftp
Crushftp crushftp
CWE CWE-94

23 Apr 2024, 23:15

Type Values Removed Values Added
References
  • () https://github.com/airbus-cert/CVE-2024-4040 -
  • () https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ -
CWE CWE-20 CWE-1336
Summary (en) VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. (en) A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
CVSS v2 : unknown
v3 : 7.7
v2 : unknown
v3 : 9.8

23 Apr 2024, 12:52

Type Values Removed Values Added
Summary
  • (es) VFS Sandbox Escape en CrushFTP en todas las versiones anteriores a 10.7.1 y 11.1.0 en todas las plataformas permite a atacantes remotos con privilegios bajos leer archivos del sistema de archivos fuera de VFS Sandbox.

22 Apr 2024, 21:15

Type Values Removed Values Added
References
  • () https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ -
  • () https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update -
  • () https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/ -

22 Apr 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-22 20:15

Updated : 2024-04-26 15:25


NVD link : CVE-2024-4040

Mitre link : CVE-2024-4040

CVE.ORG link : CVE-2024-4040


JSON object : View

Products Affected

crushftp

  • crushftp
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine