Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs

April 24, 2024 at 09:33AM

Security researchers and CrushFTP warn of a critical sandbox escape flaw (CVE-2024-4040) in version 11.1 of the multiprotocol, multiplatform, cloud-based file transfer server. The vulnerability has been actively exploited in potentially politically motivated, intelligence-gathering attacks on US organizations. Exploit code is publicly available, which raises the risk and makes immediate patching and additional security measures urgent.

Key takeaways:

– A sandbox escape flaw in CrushFTP server version 11.1, tracked as CVE-2024-4040, has been exploited as a zero-day in attacks against organizations in the US.

– The attack scenario is developing, and there are concerns about the number of potentially vulnerable CrushFTP servers, with the exploit being publicly available.

– The vulnerability allows an attacker to escape the server’s virtual file system (VFS) sandbox and potentially gain full remote code execution (RCE) access.

– A PoC exploit for the flaw has been posted to GitHub, raising concerns about the potential for malicious exploitation and financial gain by threat actors.

– Rapid7 suggests that organizations running CrushFTP update to the patched version of the product immediately to mitigate the risk. It also recommends hardening servers against RCE attacks and using firewalls to restrict access to CrushFTP services.
