March 18, 2024 at 06:45AM
Proof-of-concept (PoC) code is available for a critical vulnerability (CVE-2024-25153, CVSS score 9.8) in Fortra FileCatalyst Workflow. Attackers can execute arbitrary code through a directory traversal bug in the ‘ftpservlet’ component, potentially leading to web shell execution. SOCRadar warns of threat actor exploitation and advises prompt system updates. Additional details are available on Fortra’s product security page.
Key takeaways from the meeting notes:
– Proof-of-concept (PoC) code is available for a critical-severity vulnerability (CVE-2024-25153, with a CVSS score of 9.8) in Fortra FileCatalyst Workflow, allowing remote code execution. This arises from a directory traversal bug in the ‘ftpservlet’ component, potentially enabling the uploading and execution of web shells.
– The vulnerability was discovered in August 2023 and addressed in FileCatalyst Workflow version 5.1.6 Build 114, but a CVE identifier was not initially assigned. Fortra later became a CVE Numbering Authority (CNA) and assigned CVE-2024-25153 to the vulnerability.
– Fortra issued an advisory on the bug, and Nettitude security researcher Tom Wedgbury, who identified the flaw, released PoC code and a technical writeup on exploiting the bug.
– SOCRadar warns that threat actors could weaponize the PoC code, advising organizations to update to a patched version of FileCatalyst Workflow.
– Fortra also announced that FileCatalyst Direct 3.8.9 patched high- and medium-severity bugs, and that GoAnywhere MFT 7.4.2 addressed a medium-severity flaw. Additional information can be found on Fortra’s product security page.
– While Fortra makes no mention of exploitation in the wild, previous security defects in its products have been targeted in attacks.
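The bug class behind the takeaways above is directory traversal in a file-upload component: a client-supplied filename is joined onto the server's upload directory without being confined to it, so a name carrying `..` segments (often percent-encoded) lands the file somewhere the application server will execute it. The following is an added example, not code from Fortra, FileCatalyst or the published PoC, showing the two things a defender wants at this point: a filename check an upload handler should apply before writing, and a scan over access-log lines for the request patterns that accompany such an attempt. The upload root `/var/app/uploads`, the request path `/workflow/ftpservlet`, the `filename` query parameter and the log lines are all constructed for the example and are not taken from the product.

```python
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

UPLOAD_ROOT = "/var/app/uploads"  # hypothetical upload directory for this example
EXEC_EXTS = (".jsp", ".jspx", ".war")  # extensions a Java app server would execute


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so a double-encoded %252e%252e%252f does not pass a single decode."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_upload_name(client_name: str, root: str = UPLOAD_ROOT) -> Tuple[Optional[str], Optional[str]]:
    """Validate a client-supplied upload filename against the upload root.

    Returns (absolute_path, None) when the name is safe to write, or (None, reason) when it must
    be rejected. Rejection, rather than silent rewriting, keeps the event visible for logging.
    """
    name = decode_fully(client_name)
    if "\x00" in name:
        return None, "NUL byte in name"
    if "/" in name or "\\" in name:
        return None, "path separator in name"
    if name in ("", ".", ".."):
        return None, "empty or dot name"
    base = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(base, name))
    # Belt and braces: even after the checks above, confirm the result stays under the root.
    if not candidate.startswith(base + "/"):
        return None, "escapes upload root"
    return candidate, None


# Constructed access-log lines (not real traffic) for the detection scan below.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Mar/2024:06:45:01 +0000] "POST /workflow/ftpservlet?filename=report.pdf HTTP/1.1" 200 512
203.0.113.9 - - [18/Mar/2024:06:45:07 +0000] "POST /workflow/ftpservlet?filename=..%2F..%2Fwebapps%2Fx.jsp HTTP/1.1" 200 128
203.0.113.9 - - [18/Mar/2024:06:45:09 +0000] "POST /workflow/ftpservlet?filename=notes.jsp HTTP/1.1" 200 96
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
TRAVERSAL_RE = re.compile(r"\.\.(/|\\)")
FILENAME_RE = re.compile(r"[?&]filename=([^&\s]+)")


def flag_suspicious_requests(log_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, reason) for log lines showing traversal or an executable upload name.

    The request target is percent-decoded before matching, since traversal sequences in the
    wild are usually encoded at least once.
    """
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = decode_fully(m.group("target"))
        if TRAVERSAL_RE.search(target):
            findings.append((n, "path traversal sequence"))
            continue
        fm = FILENAME_RE.search(target)
        if fm and fm.group(1).lower().endswith(EXEC_EXTS):
            findings.append((n, "server-executable upload name"))
    return findings


if __name__ == "__main__":
    for name in ("report.pdf", "../../etc/passwd", "..%2F..%2Fx.jsp", "%252e%252e%252fx.jsp"):
        print(repr(name), "->", check_upload_name(name))
    for line_no, reason in flag_suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: {reason}")
```

The log scan is deliberately coarse: it flags the encoded traversal on its own, and separately flags an upload whose name the application server would execute, because the second pattern is what a web-shell drop looks like once the traversal has already succeeded or was never needed. Tune the request path, parameter name and extension list to the deployment being monitored.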
Please let me know if you need further details or if there are any additional actions required based on this information.