CVE-2024-4040

2024-04-2220:15:07

CWE-94

CWE-1336

430a6cef-dc26-47e3-9fa8-52fb7f19644e

web.nvd.nist.gov

In Wild

vfs sandbox escape

crushftp

remote attack

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.966 High

EPSS

Percentile

99.6%

JSON

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

Affected configurations

NVD

Node

crushftpcrushftpRange10.0.0–10.7.1

crushftpcrushftpRange11.0.0–11.1.0

CPENameOperatorVersion
crushftp:crushftpcrushftplt10.7.1
crushftp:crushftpcrushftplt11.1.0

CPE	Name	Operator	Version
crushftp:crushftp	crushftp	lt	10.7.1
crushftp:crushftp	crushftp	lt	11.1.0

CNA Affected

[
  {
    "collectionURL": "https://www.crushftp.com/download.html",
    "defaultStatus": "affected",
    "product": "CrushFTP",
    "vendor": "CrushFTP",
    "versions": [
      {
        "lessThan": "10.7.1",
        "status": "affected",
        "version": "10.0",
        "versionType": "semver"
      },
      {
        "lessThan": "11.1.0",
        "status": "affected",
        "version": "11.0",
        "versionType": "semver"
      }
    ]
  }
]