Security News > 2024 > April > Over 1,400 CrushFTP servers vulnerable to actively exploited bug

Over 1,400 CrushFTP servers vulnerable to actively exploited bug
2024-04-25 16:40

Over 1,400 CrushFTP servers exposed online were found vulnerable to attacks currently targeting a critical severity server-side template injection vulnerability previously exploited as a zero-day.

Shodan also currently tracks 5,232 Internet-exposed CrushFTP servers, although it doesn't provide any information on how many of them might be vulnerable to attacks.

Cybersecurity company CrowdStrike released an intelligence report on Friday after CrushFTP disclosed the actively exploited zero-day and released patches, revealing that attackers were targeting CrushFTP servers at multiple U.S. organizations in what looked like a politically motivated intelligence-gathering campaign.

According to evidence found by Falcon OverWatch and Falcon Intelligence teams at CrowdStrike, CrushFTP zero-day was being exploited in targeted attacks.

CISA also added CVE-2024-4040 to its Known Exploited Vulnerabilities catalog on Wednesday, ordering that U.S. federal agencies should secure their vulnerable servers within a week, by May 1st. In November, CrushFTP customers were also warned to patch a critical RCE vulnerability after Converge security researchers who discovered and reported the flaw published a proof-of-concept exploit.

Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks.


News URL

https://www.bleepingcomputer.com/news/security/over-1-400-crushftp-servers-vulnerable-to-actively-exploited-bug/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-04-22 CVE-2024-4040 Code Injection vulnerability in Crushftp
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
network
low complexity
crushftp CWE-94
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Crushftp 1 0 6 0 3 9