CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040)
April 30, 2024, 4:48 p.m. | FortiGuard Labs | FortiGuard Center - Threat Signal Report (fortiguard.fortinet.com)
A zero-day security vulnerability has been uncovered in CrushFTP, an enterprise file-transfer software product. The vulnerability, tracked as CVE-2024-4040, is being actively exploited in targeted attacks and has been added to the CISA Known Exploited Vulnerabilities (KEV) list. It allows unauthenticated remote attackers to read files from the file system outside of the VFS sandbox, gain administrative access, and perform remote code execution on the server.
What is the recommended mitigation?
According to the …