CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited

April 23, 2024, 5:19 p.m. | Satnam Narang

A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.

Background

On April 19, CrushFTP published an advisory for a zero-day vulnerability in its file transfer tool which bears the same name.

CVEDescriptionCVSSv3SeverityCVE-2024-4040CrushFTP VFS Sandbox Escape Vulnerability7.7High

No CVE identifier was initially assigned for this vulnerability. However, on April 22, h4sh, a security engineer and founder …

advisory april crushftp customers cve cve-2024 entities escape exploited file file system file transfer in the wild name sandbox sandbox escape system tool transfer upgrade vendor virtual virtual file system vulnerability vulnerability exploited zero-day zero-day vulnerability

Visit resource

More from www.tenable.com / Cyber Exposure Alerts

Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040) 4 days, 13 hours ago | www.tenable.com

addresses critical critical vulnerability cve +15

CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities 1 week, 2 days ago | www.tenable.com

big big-ip big-ip next central manager centralized management +18

CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor 3 weeks, 2 days ago | www.tenable.com

adaptive security arcanedoor blog called +15

CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited 3 weeks, 4 days ago | www.tenable.com

advisory april crushftp customers +23

Oracle April 2024 Critical Patch Update Addresses 239 CVEs 1 month ago | www.tenable.com

addresses april cpu critical +12

CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild 1 month ago | www.tenable.com

alto april attacks command +25

Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988) 1 month, 1 week ago | www.tenable.com

addresses april critical critical vulnerabilities +13

Frequently Asked Questions About CVE-2024-3094, A Backdoor in XZ Utils 1 month, 2 weeks ago | www.tenable.com

CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability 2 months ago | www.tenable.com

address advisory arbitrary code attacker +20

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Senior - Penetration Tester

@ Deloitte | Madrid, España

View on infosec-jobs.com

Associate Cyber Incident Responder

@ Highmark Health | PA, Working at Home - Pennsylvania

View on infosec-jobs.com

Senior Insider Threat Analyst

@ IT Concepts Inc. | Woodlawn, Maryland, United States

View on infosec-jobs.com

all InfoSec news

CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited

Background

More from www.tenable.com / Cyber Exposure Alerts

Jobs in InfoSec / Cybersecurity

Information Security Engineers

Technology Security Analyst

Senior Cyber Security Analyst

Senior - Penetration Tester

Associate Cyber Incident Responder

Senior Insider Threat Analyst