May 4, 2024

CrushFTP is an FTP software that enables secure and efficient file transfer capabilities. It supports various features such as FTP, SFTP, FTPS, HTTP, HTTPS, WebDAV, and WebDAV SSL protocols, allowing users to transfer files securely over different networks. The vulnerability has yet to receive CVE identifier.

CrushFTP has notified users of a virtual file system escape vulnerability impacting their FTP software, which could potentially enable users to download system files.

Advertisements

As per the advisory , CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files. This has been patched in v11.1.0. Customers using a DMZ in front of their main CrushFTP instance are protected with its protocol translation system it utilizes.

Crowdstrike researchers discovered that threat actors exploited the critical zero-day vulnerability in targeted attacks in the wild.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Aruba fixes several Critical Vulnerabilities

May 3, 2024

Dropbox suffers a Data Breach

May 3, 2024

Gitlab CVE-2023-7028 added to CISA KEV Catalog

May 2, 2024

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – April, 2024

May 1, 2024

CISA adds CVE-2024-29988 to its KEV catalog

May 1, 2024

CISA releases guidelines on AI Based attacks

May 1, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading