overview

A critical security vulnerability (CVE-2024-4040) in CrushFTP, a widely used enterprise file transfer solution, has been found and is actively being exploited by attackers. This vulnerability allows attackers to escape their virtual file system and download system files, particularly if the solution’s WebInterface is exposed on the internet. 

According to CrowdStrike, the recent targeting of CrushFTP hosts appears to be part of reconnaissance efforts. Multiple U.S. entities have been subjected to probing, indicating a potential political motivation behind this intelligence-gathering activity.  

Exploitation of CVE-2024-4040 could allow for the unauthorized retrieval of system files, leading to escalation and further compromise. Affected versions include CrushFTP v11 and v10. Patched versions are v11.1.0 and v10.7.1. Customers on v9 should upgrade to v11.1.0 immediately. There is no definitive way to check for exploitation, making immediate patching important.  

Customers using a DMZ in front of their main CrushFTP instance are only partially protected and are advised to upgrade immediately. 

 

 

avertium's recommendationS

For guidance on how to upgrade to CrushFTP v11.1.0 and v10.7.1, please see CrushFTP’s advisory 

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2024-4040. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 
  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 




 

SUPPORTING DOCUMENTATION

Crush11wiki: Update (crushftp.com) 

CrushFTP urges customers to patch file transfer tool ‘ASAP’ (therecord.media) 

CrushFTP File Transfer Vulnerability Lets Attackers Download System Fi - Infosecurity Magazine (infosecurity-magazine.com) 

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) - Help Net Security 

 
Chat With One of Our Experts



Flash Notice Critical Vulnerability File Transfer Vulnerability Blog