all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

Add to bookmarks
April 23, 2024, 3:26 p.m. | Caitlin Condon

Rapid7 Blog blog.rapid7.com

CVE-2024-4040 is an unauthenticated zero-day vulnerability in managed file transfer software CrushFTP. Successful exploitation allows for arbitrary file read as root, authentication bypass for administrator account access, and remote code execution.

access account account access administrator authentication authentication bypass bypass code code execution compromise crushftp cve cve-2024 emergent threat response exploitation file file transfer managed managed file transfer remote code remote code execution root server software transfer unauthenticated vulnerability vulnerability management zero-day zero-day vulnerability

Visit resource

More from blog.rapid7.com / Rapid7 Blog

The Take Command Summit: A Stacked Agenda, and Killer Guest Speakers Coming Your Way May … 1 day, 4 hours ago | blog.rapid7.com
challenges coming command cybersecurity +14
The Business of Cybersecurity Ownership 2 days, 4 hours ago | blog.rapid7.com
accountability business can ciso +6
Velociraptor 0.7.2 Release: Digging Deeper than Ever with EWF Support, Dynamic DNS and More 3 days, 3 hours ago | blog.rapid7.com
discuss dns download dynamic +7
Metasploit Weekly Wrap-Up 04/26/24 6 days, 21 hours ago | blog.rapid7.com
addition application clusters community +20
USF College of Engineering Presents Rapid7 With 2024 Corporate Impact Award 1 week, 3 days ago | blog.rapid7.com
april award awards beyond +11
Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise 1 week, 3 days ago | blog.rapid7.com
access account account access administrator +26
Take Command Summit: Take Breaches from Inevitable to Preventable on May 21 1 week, 4 days ago | blog.rapid7.com
attack aws breaches command +14
Metasploit Weekly Wrap-Up 04/19/24 1 week, 6 days ago | blog.rapid7.com
crushftp emergent threat response exploit framework +11
Enforce and Report on PCI DSS v4 Compliance with Rapid7 2 weeks, 2 days ago | blog.rapid7.com
adoption compliance council data +21

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Intern, Cyber Security Vulnerability Management

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Compliance - Global Privacy Office - Associate - Bengaluru

@ Goldman Sachs | Bengaluru, Karnataka, India
View on infosec-jobs.com

Cyber Security Engineer (m/w/d) Operational Technology

@ MAN Energy Solutions | Oberhausen, DE, 46145
View on infosec-jobs.com

Armed Security Officer - Hospital

@ Allied Universal | Sun Valley, CA, United States
View on infosec-jobs.com

Governance, Risk and Compliance Officer (Africa)

@ dLocal | Lagos (Remote)
View on infosec-jobs.com

Junior Cloud DevSecOps Network Engineer

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com
View more jobs