CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited
Cyber Exposure Alerts www.tenable.com
A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities before fixed versions became available. The vendor recommends that customers upgrade as soon as possible.
Background
On April 19, CrushFTP published an advisory for a zero-day vulnerability in its file transfer tool, which bears the same name.
| CVE | Description | CVSSv3 | Severity |
| --- | --- | --- | --- |
| CVE-2024-4040 | CrushFTP VFS Sandbox Escape Vulnerability | 7.7 | High |

No CVE identifier was initially assigned for this vulnerability. However, on April 22, h4sh, a security engineer and founder …