CVE-2024-4040 Unauthenticated arbitrary file read and remote code execution in CrushFTP

2024-04-2219:21:46

CWE-1336

directcyber

github.com

cve-2024-4040

crushftp

template injection

unauthenticated

remote code execution

vfs sandbox

administrative access

server-side

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

Low

EPSS

0.965

Percentile

99.6%

SSVC

Exploitation

Active

Automatable

Yes

Technical Impact

Total

JSON

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:crushftp:crushftp:10.0:*:*:*:*:*:*:*"
    ],
    "vendor": "crushftp",
    "product": "crushftp",
    "versions": [
      {
        "status": "affected",
        "version": "10.0",
        "lessThan": "10.7.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:crushftp:crushftp:11.0:*:*:*:*:*:*:*"
    ],
    "vendor": "crushftp",
    "product": "crushftp",
    "versions": [
      {
        "status": "affected",
        "version": "11.0",
        "lessThan": "11.1.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]