CVE-2024-4040
CVSS 3.1 Score 10.0 of 10 (high)
Details
Published Apr 22, 2024
Updated: Apr 26, 2024
CWE ID 1336
CWE ID 94
Summary
CVE-2024-4040 is a serious vulnerability affecting CrushFTP servers before versions 10.7.1 and 11.1.0. This issue enables unauthenticated attackers to inject templates in the server-side code, leading to file reading outside of the VFS Sandbox. Moreover, attackers can bypass authentication and assume administrative access, ultimately resulting in remote code execution. This vulnerability poses a significant risk to CrushFTP servers, making it crucial for users to upgrade to patched versions as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- CrushFTP
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
Note: This is just a basic overview providing quick insights into CVE-2024-4040 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions