Not SimonApr 22, 2024

@campuscodi Kudos to @h4sh for assigning the CVE to the actively exploited CrushFTP zero-day: https://infosec.exchange/@h4sh/112316550866303546

According to his analysis and patch diffing, the CVSSv3 score for CVE-2024-4040 is 7.7 HIGH: Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Did some patch diffing on the new #crushFTP bug, and it does look like the bug has 2 components and at least one of them need some form of authentication to exploit (need creation of something).
After the first stage, the reading of the file outside of VFS sandbox might not need authentication. I am not sure.

#CrushFTP #zeroday #vulnerability #CVE_2024_4040 #eitw #activeexploitation

h4sh (@[email protected])

I bring you CVE-2024-4040: VFS Sandbox Escape in #CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. https://www.cve.org/CVERecord?id=CVE-2024-4040 If anyone disagrees with our CVSS analysis, please let me know & bring proof #CVE20244040 #CVE_2024_4040

Infosec Exchange
Show threadNot SimonApr 22, 2024

Shoutout to @h4sh for getting a CVE ID assigned to this actively exploited zero-day CrushFTP vulnerability: CVE-2024-4040 (reported by Simon Garrelou, of Airbus CERT). https://www.cve.org/CVERecord?id=CVE-2024-4040

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.

#zeroday #eitw #activeexploitation #CrushFTP #vulnerability #CVE_2024_4040

CVE Website