CVE-2024-53552

Published Dec 10, 2024

Last updated 3 months ago

Overview

Description: CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover.
Source: cve@mitre.org
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-640

Social media

Hype score
Not currently trending
  1. #Vulnerability #CrushFTP CVE-2024-53552 (CVSS 9.8): CrushFTP Flaw Exposes Users to Account Takeover https://t.co/iEY8NxLZ5Y

    @Komodosec

    26 Dec 2024

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE Alert: Critical CrushFTP Account Takeover Vulnerability🚨 Vulnerability Details: CVE-2024-53552 (CVSS v3 9.8/10) CrushFTP Account Takeover Vulnerability Impact A successful exploit may allow an attacker to steal user accounts. Affected Products CrushFTP v10 Prior to…

    @CyberxtronTech

    25 Dec 2024

    64 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. 🚨 Critical CrushFTP vulnerability (CVE-2024-53552) exposes users to account takeovers via manipulated password resets. Update to versions 10.8.3 or 11.2.3 ASAP! CVSS score: 9.8. #CrushFTPAlert #AccountTakeover #Indonesia #CybersecurityNews link: https://t.co/SdHHeuUVCV https://

    @TweetThreatNews

    24 Dec 2024

    29 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨🚨CVE-2024-53552 (CVSS: 9.8) : CrushFTP Flaw Exposes Users to Account Takeover ⚠️The vulnerability stems from how these versions handle password reset requests. An attacker can exploit this flaw by manipulating the password reset email link. Search for CrushFTP application.… h

    @zoomeye_team

    24 Dec 2024

    512 Impressions

    2 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. CVE-2024-53552 (CVSS 9.8): CrushFTP Flaw Exposes Users to Account Takeover https://t.co/1acXnTvQa2

    @Dinosn

    24 Dec 2024

    1769 Impressions

    1 Retweet

    7 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  6. Critical vulnerability in the file transfer server CrushFTP. CVE-2024-53552 has a CVSS score of 9.8; by crafting the password reset link, an attacker can take over the account if the victim clicks the link. Fixed. https://t.co/9GjFCGgoKX

    @__kokumoto

    24 Dec 2024

    636 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  7. CVE-2024-53552 (CVSS 9.8): CrushFTP Flaw Exposes Users to Account Takeover Urgent security advisory: CVE-2024-53552 affects #CrushFTP versions 10 and 11. Take immediate action to protect your accounts. https://t.co/oupHuTZw9f

    @the_yellow_fall

    24 Dec 2024

    88 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2024-53552 CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover. https://t.co/TKbVmsdYhm

    @CVEnew

    10 Dec 2024

    172 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2024-53552 Account Takeover via Password Reset Flaw in CrushFTP 10 & 11 CrushFTP versions below 10.8.3 and 11.2.3 have a problem with handling password resets. This can lead to someone taking over an account. https://t.co/WTZipMJWm6

    @VulmonFeeds

    10 Dec 2024

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes