CrushFTP Zero-Day Exploited in Targeted Attacks: What You Need to Know

CrushFTP Zero-Day Vulnerability Exploited in Targeted Attacks

CrushFTP, a file transfer server software, has announced that a zero-day vulnerability affecting its FTP software could allow users to download system files. The company has released an advisory noting that the flaw has been patched in version 11.1.0. This vulnerability was discovered by Simon Garrelou from the Airbus CERT and according to Crowdstrike experts, it has been exploited in the wild in targeted attacks.

Crowdstrike Detects Attacks in the Wild

On April 19, 2024, CrushFTP advised on a virtual file system escape from their FTP software that could allow users to download system files. The company stated that versions prior to 11.1.0 were affected and that the vulnerability had been patched in 11.1.0. CrushFTP added that customers using a DMZ in front of their main CrushFTP instance are protected with its protocol translation system.

Crowdstrike has reported that they observed the exploit being used in the wild in a targeted fashion, adding that the vulnerability has yet to receive a CVE. These types of file transfer protocol vulnerabilities can potentially have serious consequences for enterprises and their customers. We can expect further details to emerge on the attacks observed in the wild as additional research is published on this vulnerability.

CrushFTP 11.1.0

CrushFTP has released an update to mitigate this issue, and organizations are advised to update their software immediately to ensure they are protected against this vulnerability. Furthermore, to reduce the risk of exploitation, it's essential to have a comprehensive vulnerability management program in place to detect and address security flaws promptly. This zero-day discovery highlights the continued targeting of software vulnerabilities by threat actors and the swift action they take to exploit these flaws.
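As an added illustration (not code from CrushFTP or from the advisory), the triage below applies the two facts the advisory gives: versions before 11.1.0 are affected, and instances fronted by a CrushFTP DMZ are protected. The inventory, host names and the dotted numeric version format are assumptions made for the example; DMZ-fronted hosts are reported as mitigated but still listed so they are not forgotten when patching.

```python
import re
from dataclasses import dataclass

PATCHED_VERSION = "11.1.0"  # fix version stated in CrushFTP's advisory


def parse_version(version: str) -> tuple:
    """Turn a dotted version string such as '11.0.3' into a comparable tuple.
    Only the leading dotted numeric part is used; missing trailing components
    count as zero, so '11.1' compares equal to '11.1.0'."""
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the reported version is older than the patched release."""
    return parse_version(version) < parse_version(PATCHED_VERSION)


@dataclass
class Host:
    name: str          # hypothetical inventory label
    version: str       # CrushFTP version as reported by the server
    dmz_fronted: bool  # a CrushFTP DMZ instance sits in front of this host


def triage(hosts):
    """Classify each host as 'patched', 'mitigated-by-dmz' or 'patch-now'."""
    result = {}
    for h in hosts:
        if not is_vulnerable(h.version):
            result[h.name] = "patched"
        elif h.dmz_fronted:
            result[h.name] = "mitigated-by-dmz"
        else:
            result[h.name] = "patch-now"
    return result


# Constructed sample inventory for the example; these are not real hosts.
SAMPLE_HOSTS = [
    Host("ftp-edge-01", "11.1.0", False),
    Host("ftp-core-02", "11.0.2", True),
    Host("ftp-legacy-03", "10.7.1", False),
    Host("ftp-lab-04", "11.1", False),
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE_HOSTS).items():
        print(f"{name}: {status}")
```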

Background on CrushFTP

CrushFTP is a robust file transfer server software that supports various protocols, including FTP, SFTP, FTPS, HTTP, HTTPS, WebDAV, and WebDAV SSL. It offers users secure and efficient file transfer capabilities and provides extensive customization options suitable for businesses and organizations. It also supports automation and scripting, along with user management capabilities.