Over 1,400 internet-facing CrushFTP servers are exposed to attacks targeting CVE-2024-4040, a critical-severity virtual file system (VFS) sandbox escape vulnerability in CrushFTP.
CrushFTP is a file transfer server that supports the FTP, SFTP, FTPS, HTTP, HTTPS, WebDAV, and WebDAV over SSL protocols, allowing users to transfer files securely across different networks. CrushFTP also provides automation, scripting, user management, and extensive customization options to meet the diverse needs of businesses and organizations.
In April, CrushFTP notified users of a virtual file system escape vulnerability in its FTP software that could allow users to download files outside their VFS sandbox, including system files.
Simon Garrelou from the Airbus CERT discovered the vulnerability.
CrowdStrike researchers observed threat actors exploiting the critical zero-day vulnerability in targeted attacks in the wild.
“On April 19, 2024, CrushFTP advised of a virtual file system escape present in their FTP software that could allow users to download system files. Falcon OverWatch and Falcon Intelligence have observed this exploit being used in the wild in a targeted fashion,” reads a post published by CrowdStrike on Reddit.
Researchers at the Shadowserver Foundation reported that at least 1,400 vulnerable servers were exposed online as of April 24, 2024.
Most of the vulnerable servers are in the United States (725), followed by Germany (115), and Canada (108).
CISA this week added CVE-2024-4040 to its Known Exploited Vulnerabilities (KEV) catalog.
(SecurityAffairs – hacking, zero-day)