CrushFTP Patches Exploited Zero-Day Vulnerability

11 months ago
April 22, 2024
0 replies
2 views

+54

Jasper_The_Rasper
Moderator
11552 replies

CrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files.

April 22, 2024 By Ionut Arghire

CrushFTP on Friday released patches for a zero-day vulnerability in the file transfer server, warning customers of its in-the-wild exploitation.

Impacting CrushFTP versions 9, 10, and 11, the security defect allows an unauthenticated attacker to escape their virtual file system (VFS) and retrieve system files, potentially opening the door to further exploitation.

In its advisory, CrushFTP points out that customers using a DMZ server, which filters protocols and connections, are protected against attacks.

>> Full Article <<

Be the first to reply!

CrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files.

Reply

Related Topics

Congratulations to the Winners of the Talktrack Community Challenge!

Innovation Wonderland Day 5 – join the calendar template challenge and win 🎉🗓️

🆕 Join the Intelligent Widgets Template Challenge for a chance to win 🧩

Join the "Top-Requested Templates" challenge for a chance to win 🎨

🚀 New Templates in Miroverse - September 2023

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded