Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

April 23, 2024, 3:26 p.m. | Caitlin Condon

CVE-2024-4040 is an unauthenticated zero-day vulnerability in managed file transfer software CrushFTP. Successful exploitation allows for arbitrary file read as root, authentication bypass for administrator account access, and remote code execution.

access account account access administrator authentication authentication bypass bypass code code execution compromise crushftp cve cve-2024 emergent threat response exploitation file file transfer managed managed file transfer remote code remote code execution root server software transfer unauthenticated vulnerability vulnerability management zero-day zero-day vulnerability

Visit resource

More from blog.rapid7.com / Rapid7 Blog

Metasploit Wrap-Up 05/17/2024 1 day, 3 hours ago | blog.rapid7.com

capabilities ldap metasploit metasploit weekly wrapup +2

See a Sneak Peak of Tuesday’s Take Command Summit 2 days, 5 hours ago | blog.rapid7.com

challenges command cybersecurity discuss +6

AI Trust Risk and Security Management: Why Tackle Them Now? 3 days, 10 hours ago | blog.rapid7.com

artificial artificial intelligence customers intelligence +5

Patch Tuesday - May 2024 4 days, 3 hours ago | blog.rapid7.com

access auth broadband critical +15

5 key MDR differentiators to look for to build stronger security resilience 4 days, 4 hours ago | blog.rapid7.com

address adoption analyst attack +19

Ongoing Malvertising Campaign leads to Ransomware 5 days, 4 hours ago | blog.rapid7.com

ads campaign clicking domains +13

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM 5 days, 8 hours ago | blog.rapid7.com

detection and response gartner gartner magic quadrant insightidr +4

Metasploit Wrap-Up 05/10/2024 1 week, 1 day ago | blog.rapid7.com

bruteforce developers login metasploit +12

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators 1 week, 1 day ago | blog.rapid7.com

basta black basta black basta ransomware campaign +10

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States

View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France

View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom

View on infosec-jobs.com

all InfoSec news

Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

More from blog.rapid7.com / Rapid7 Blog

Jobs in InfoSec / Cybersecurity

Information Security Engineers

Technology Security Analyst

Senior Cyber Security Analyst

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

Infrastructure Consultant