CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The vulnerability allows attackers to escape their virtual file system and download system files (i.e., configuration files), but only if the solution’s WebInterface is exposed on the internet. According to Censys, there are currently 9,600+ publicly-exposed CrushFTP hosts (virtual & physical), mostly in North America and Europe. About CVE-2024-4040 CrushFTP sent out notices about … More →

The post …

attackers censys configuration configuration files crowdstrike crushftp cve cve-2024 don't miss download enterprise escape exploit exploited exposed fashion file files file system file transfer ftp hot stuff internet solution system transfer upgrade virtual virtual file system vulnerability zero-day