Converge Security reported a proof of exploit for a critical CrushFTP vulnerability (CVE-2023-43177) identified last August. The flaw enables a remote attacker to craft web headers that send payloads to the FTP server via specific ports (80, 443, 8080, 9090). The attacker would subsequently be able to leverage the sessions.obj file to impersonate the FTP administrator and/or take over user sessions. The attacker would also be able to abuse a log parser function to manipulate files. Given the low sophistication required for exploitation and the presence of a public proof of exploit, it is critical to patch vulnerable instances. The fixed version is 10.5.2. The vulnerability could be exploited in attacks with nefarious consequences, including backdoor or ransomware deployment. Based on a cursory Shodan search, there are over 8,000 potentially vulnerable servers globally.
- Clipeus
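
To act on the patch guidance above, the following added example (not part of the original post and not CrushFTP or Converge code) triages an asset inventory against the fixed version 10.5.2 and the ports named in the advisory. The host names, the inventory layout, the version-string format and the treatment of every release below 10.5.2 as vulnerable are assumptions.

```python
import re

FIXED = (10, 5, 2)                      # fixed version stated in the advisory
ADVISORY_PORTS = {80, 443, 8080, 9090}  # ports named in the advisory

# Constructed sample inventory: (host, listening port, reported version string).
INVENTORY = [
    ("ftp-a.example.internal", 443, "10.5.1"),
    ("ftp-b.example.internal", 8080, "10.5.2"),
    ("ftp-c.example.internal", 2222, "9.4.0"),
    ("ftp-d.example.internal", 9090, "10.6.0_3"),   # assumed build-suffix format
    ("ftp-e.example.internal", 80, "unknown"),
]

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not parseable."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def triage(inventory):
    """Classify each instance as 'patched', 'vulnerable' or 'review'."""
    results = []
    for host, port, version in inventory:
        parsed = parse_version(version)
        if parsed is None:
            status = "review"           # cannot prove it is patched
        elif parsed < FIXED:
            status = "vulnerable"       # assumption: all releases below the fix
        else:
            status = "patched"
        # Unpatched or unverified instances on an advisory port go first.
        urgent = status != "patched" and port in ADVISORY_PORTS
        results.append({"host": host, "port": port, "version": version,
                        "status": status, "urgent": urgent})
    results.sort(key=lambda r: (not r["urgent"], r["status"] == "patched", r["host"]))
    return results

if __name__ == "__main__":
    for row in triage(INVENTORY):
        flag = "URGENT" if row["urgent"] else "      "
        print(f'{flag} {row["status"]:<10} {row["host"]}:{row["port"]} ({row["version"]})')
```

Instances whose version cannot be parsed are routed to manual review instead of being counted as patched.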