CVE-2024-4040

Published Apr 22, 2024

Last updated 2 months ago

Exploit known CVSS critical 9.8

Overview

Description: A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
Source: 430a6cef-dc26-47e3-9fa8-52fb7f19644e
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: CrushFTP VFS Sandbox Escape Vulnerability
Exploit added on: Apr 24, 2024
Exploit action due: May 1, 2024
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

430a6cef-dc26-47e3-9fa8-52fb7f19644e: CWE-1336
nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1922C854-D367-44B7-AEFB-4AEB07679E16",
            "versionEndExcluding": "10.7.1",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EF482D8-4F40-454D-9A92-9D6924C582E2",
            "versionEndExcluding": "11.1.0",
            "versionStartIncluding": "11.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Known exploits

Weaknesses

Social media

Configurations

References