all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040)

Add to bookmarks
April 30, 2024, 4:48 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is the Vulnerability ?
A zero-day security vulnerability has been uncovered in an enterprise file-transfer software CrushFTP. The vulnerability tagged as CVE-2024-4040 is actively being exploited in targeted attacks and has also been added to the CISA Known Exploited Vulnerabilities (KEV) list. The vulnerability allows unauthenticated remote attackers to read files from the file system outside of the VFS Sandbox, gain administrative access, and perform remote code execution on the server.


What is the recommended Mitigation?


According to the …

attackers attacks cisa cisa known exploited vulnerabilities crushftp cve cve-2024 cve-2024-4040 enterprise escape exploited exploited vulnerabilities file files kev known exploited known exploited vulnerabilities list sandbox sandbox escape security security vulnerability software targeted attacks transfer unauthenticated uncovered vulnerabilities vulnerability what is zero-day

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

Tinyproxy use-after-free Vulnerability (CVE-2023-49606) 3 hours from now | fortiguard.fortinet.com
actor arbitrary code can code +21
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 19 hours ago | fortiguard.fortinet.com
access advisory application attackers +29
GitLab Password Reset Vulnerability (CVE-2023-7028) 5 days, 2 hours ago | fortiguard.fortinet.com
account administrator attacker cisa +23
Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 6 days, 1 hour ago | fortiguard.fortinet.com
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 1 week ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27
ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 1 week, 6 days ago | fortiguard.fortinet.com
adaptive security advisory april arcanedoor +22
Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 1 week, 6 days ago | fortiguard.fortinet.com
access advisory akira akira ransomware +17
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 3 weeks, 1 day ago | fortiguard.fortinet.com
advisory attack code code injection +27
XZ Utils Supply Chain Attack (CVE-2024-3094) 1 month ago | fortiguard.fortinet.com
attack code compression cve +25

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Principal Engineer - DLP Endpoint Security

@ Netskope | Bengaluru, Karnataka, India
View on infosec-jobs.com

Security Consultant (m/w/d)

@ Deutsche Telekom | Berlin, Deutschland
View on infosec-jobs.com

Security Engineer

@ IDEMIA | Haarlem, NL, 2031 CC
View on infosec-jobs.com

CyberSecurity Forensics and Incident Response Analyst

@ Bosch Group | Pittsburgh, PA, United States
View on infosec-jobs.com

Cyber MS MDR - Sr Associate

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Senior Lead Cybersecurity Architect-Threat modeling, Cryptography

@ JPMorgan Chase & Co. | India
View on infosec-jobs.com
View more jobs