CrushFTP systems vulnerability - 20240430001 (#688)

Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com>
wagov · Apr 30, 2024 · 6a8dbc2 · 6a8dbc2
1 parent 92cc3e1
commit 6a8dbc2
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/docs/advisories/20240430001-CrushFTP-systems-vulnerability.md b/docs/advisories/20240430001-CrushFTP-systems-vulnerability.md
@@ -0,0 +1,27 @@
+# CrushFTP systems vulnerability  - 20240430001
+
+## Overview
+
+A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
+
+## What is vulnerable?
+
+| CVE    | Severity     | CVSS | Product(s) Affected | Dated |
+| ------ | ------------ | ---- | ------------------- | ----- |
+| [CVE-2024-4040](<https://nvd.nist.gov/vuln/detail/CVE-2024-4040>) | **Critical** | 10.0  | **CrushFTP versions prior to <br>10.7.1 and 11.1.0** |   22-04-2024    |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Crush11wiki: Update (crushftp.com)](https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update)
+
+## Additional References
+
+- [CVE-2024-4040 | Tenable®](https://www.tenable.com/cve/CVE-2024-4040)
+- [CVE-2024-4040 | AttackerKB](https://attackerkb.com/topics/20oYjlmfXa/cve-2024-4040/rapid7-analysis)
+- [Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day - SecurityWeek](https://www.securityweek.com/over-1400-crushftp-instances-vulnerable-to-exploited-zero-day/)