Act Now: Critical Patch for Exposed Zero-Day Vulnerability in CrushFTP!

Secure File Transfer

Secure File Transfer has recently released a crucial security update for its customers. The company has addressed a zero-day vulnerability that is being actively exploited by malicious actors. They have urged all users to patch their servers immediately to prevent any potential breaches.

This vulnerability allows unauthorized individuals to escape the virtual file system (VFS) and access system files. While customers who have a DMZ (demilitarized zone) perimeter network are currently safe from attacks, it is imperative for all users to patch their systems as soon as possible.

In a private memo to its customers, the company stated, “We urge you to take immediate action and update your servers to the latest version. This is a serious vulnerability that has already been detected in the wild.” The public security advisory released by Secure File Transfer also emphasizes the urgency of the situation.

The vulnerability affects both authenticated and unauthenticated users. Through the WebInterface, users can access files that are not part of their VFS, potentially leading to further escalation and compromises.

Customers still using CrushFTP v9 are advised to upgrade to v11 or update their instances through the dashboard to secure their servers. In case of any issues or regressions, there is a rollback option available.

The security flaw was discovered by Simon Garrelou of Airbus CERT and has been fixed in the latest versions of CrushFTP – 10.7.1 and 11.1.0.

According to Shodan, there are currently over 2,700 instances of CrushFTP with their web interface exposed online, making them vulnerable to attacks. It is important for all users to update their systems to the latest version and secure their servers.

Vulnerable CrushFTP instances

Targeted Infiltration

This zero-day vulnerability has already been exploited in targeted attacks, according to cybersecurity company CrowdStrike. In their intelligence report on the matter, they have provided further insight into the attackers’ tactics, techniques, and objectives.

CrowdStrike’s Falcon OverWatch and Falcon Intelligence teams have witnessed the exploitation of this vulnerability on CrushFTP servers belonging to multiple U.S. organizations. The evidence points to a politically motivated intelligence-gathering campaign. As such, it is essential for all CrushFTP users to follow the vendor’s instructions and promptly patch their systems to prevent any potential breaches.

This is not the first time CrushFTP has been in the spotlight for security vulnerabilities. In November, they were advised to patch a critical remote code execution vulnerability (CVE-2023-43177) by Converge Security researchers. The flaw was also accompanied by a proof-of-concept exploit, making it all the more urgent for users to update their systems.
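As an added example (not from the article and not CrushFTP's own code), the following Python helper applies the article's version guidance to a server inventory: v9 installs should move to v11, v10 installs need 10.7.1, and v11 installs need 11.1.0. The hostnames and version strings in the sample inventory are constructed; how each server's version is collected (admin dashboard, an asset database) is left to the operator, and the treatment of branches newer than 11 as already fixed is this example's assumption, not something the article states.

```python
import re
from typing import Dict, List, Tuple

# Fixed releases named in the article, keyed by major branch.
FIXED_VERSIONS: Dict[int, Tuple[int, ...]] = {
    10: (10, 7, 1),
    11: (11, 1, 0),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract a dotted version from strings like '10.6.0' or 'CrushFTP 11.0.3_123'."""
    match = re.search(r"\d+(?:\.\d+)*", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def assess(version_text: str) -> Tuple[str, str]:
    """Return (status, action) for one installed version.

    status is 'vulnerable' or 'patched'; action is the operator's next step.
    """
    version = parse_version(version_text)
    major = version[0]
    if major < 10:
        # The article directs v9 users to upgrade to v11 rather than patch in place.
        return ("vulnerable", "upgrade to v11")
    fixed = FIXED_VERSIONS.get(major)
    if fixed is None:
        # Assumption (not from the article): branches newer than 11 postdate the fix.
        return ("patched", "no action")
    # Pad short strings such as '10.7' so they compare as '10.7.0'; extra
    # components beyond the fixed release's length are ignored.
    padded = (version + (0,) * len(fixed))[: len(fixed)]
    if padded >= fixed:
        return ("patched", "no action")
    return ("vulnerable", "update to " + ".".join(str(p) for p in fixed))


def servers_needing_action(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """List (host, installed version, action) for every host that is not patched."""
    findings = []
    for host, version_text in sorted(inventory.items()):
        status, action = assess(version_text)
        if status == "vulnerable":
            findings.append((host, version_text, action))
    return findings


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "ftp-a.example.internal": "CrushFTP 9.3.0",
    "ftp-b.example.internal": "10.6.2",
    "ftp-c.example.internal": "10.7.1",
    "ftp-d.example.internal": "11.0.3_123",
    "ftp-e.example.internal": "11.1.0",
}

if __name__ == "__main__":
    for host, installed, action in servers_needing_action(SAMPLE_INVENTORY):
        print(f"{host}: {installed} -> {action}")
```

Running the block lists the three constructed hosts that still need work (the v9 install, the 10.6.2 install and the 11.0.3 install); a host that reports 10.7.1 or 11.1.0 or later on its branch is skipped. Version comparison is done on integer tuples rather than on the raw strings so that, for example, 10.10.0 is correctly treated as newer than 10.7.1.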
