Intrusion PreventionCrushFTP.VFS.Bypass.CVE-2024-4040.SSTI
Description
This indicates an attack attempt to exploit a Server-Side Template Injection Vulnerability in CrushFTP.
The vulnerability is due to insufficient sanitizing of user-supplied input. An unauthenticated remote attacker can exploit this with a crafted request to read arbitrary files, bypass authentication to gain administrative access, and perform remote code execution on the server.
Affected Products
CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-05-02 | 27.779 | Name:CrushFTP. Server. Side. Template. Injection:CrushFTP. VFS. Bypass. CVE-2024-4040. SSTI |
| 2024-05-02 | 27.779 | Default_action:pass:drop |
| 2024-04-30 | 27.777 |
| ID | 55693 |
| Created | Apr 29, 2024 |
| Updated | May 06, 2024 |
| Threat Signal | View Report |
| Risk |
|
| CVE ID | CVE-2024-4040 |
| Known Exploited | Yes |
| Exploit Prediction Score | 95.93% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, MacOS |
| Affected App | Other |