PT-2024-2993 · Crushftp · Crushftp
Simon Garrelou · Published 2024-04-19 · Updated 2025-07-04 · CVE-2024-4040 · CVSS 9.8 (Critical)
Base vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The vulnerable software is CrushFTP, a managed file transfer product. The vulnerability affects all versions before 10.7.1 and 11.1.0 on all platforms. It allows unauthenticated remote attackers to read files from the filesystem outside of the VFS sandbox, bypass authentication to gain administrative access, and achieve remote code execution on the server.
The exploit can be used to read arbitrary files, including sensitive system files, and to gain admin access. Over 1,400 internet-facing CrushFTP servers are vulnerable to this bug, the majority of them located in Canada, Germany, and the US.
Rapid7's analysis confirms that the vulnerability is fully unauthenticated and trivially exploitable, allowing for arbitrary file read, authentication bypass, and remote code execution.
An exploit module is available for this vulnerability, and a Python script is available for scanning servers for signs of compromise.
It is crucial for organizations to review their CrushFTP logs for signs of potential compromise and to patch their systems immediately.
#CrushFTP #Vulnerability #RCE #Exploit #CyberSecurity #Infosec #ZeroDay #SSTI #VFS
Exploit
Fix
RCE
Code Injection
Improper Privilege Management
Related Identifiers
Affected Products
References · 108
- 🔥 https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/crushftp_fileread_cve_2024_4040.rb · ⭐ 34266 · 🔗 14003 · Exploit
- 🔥 https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC · ⭐ 54 · 🔗 7 · Exploit
- 🔥 https://github.com/airbus-cert/CVE-2024-4040 · ⭐ 47 · 🔗 8 · Exploit
- 🔥 https://github.com/rbih-boulanouar/CVE-2024-4040 · ⭐ 13 · 🔗 2 · Exploit
- 🔥 https://github.com/gotr00t0day/CVE-2024-4040 · ⭐ 11 · 🔗 3 · Exploit
- 🔥 https://github.com/geniuszlyy/GenCrushSSTIExploit · ⭐ 7 · 🔗 1 · Exploit
- 🔥 https://github.com/geniuszly/GenCrushSSTIExploit · ⭐ 7 · 🔗 1 · Exploit
- 🔥 https://github.com/jakabakos/CVE-2024-4040-CrushFTP-File-Read-vulnerability · ⭐ 3 · 🔗 1 · Exploit
- 🔥 https://github.com/entroychang/CVE-2024-4040 · ⭐ 2 · 🔗 1 · Exploit
- 🔥 https://github.com/Mohammaddvd/CVE-2024-4040 · ⭐ 3 · Exploit
- 🔥 https://reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual · Exploit
- 🔥❌ https://github.com/tr4c3rs/CVE-2024-4040-RCE-POC · Exploit, Deleted
- https://safe-surf.ru/specialists/bulletins-nkcki/707158 · Security Note
- https://crushftp.com/crush10wiki/Wiki.jsp?page=Update · Vendor Advisory
- https://reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable · Patch