
CrushFTP

Converge Security reported a proof of exploit for a critical CrushFTP vulnerability (CVE-2023-43177) identified last August. The flaw enables a remote attacker to craft web headers that deliver payloads to the FTP server via specific ports (80, 443, 8080, 9090). The attacker could then leverage the sessions.obj file to impersonate the FTP administrator and/or take over user sessions, and could also abuse a log parser function to manipulate files. Given the low sophistication required for exploitation and the availability of a public proof of exploit, it is critical to patch vulnerable instances; the fixed version is 10.5.2. The vulnerability could be exploited in attacks with severe consequences, including backdoor or ransomware deployment. Based on a cursory Shodan search, there are over 8,000 potentially vulnerable servers exposed globally.


If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you.
