PT-2024-9817 · CrushFTP · CrushFTP
Published 2024-11-11 · Updated 2024-12-26
CVE-2024-53552
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
CrushFTP versions 10 through 10.8.2
CrushFTP versions 11 through 11.2.2
Description:
The vulnerability stems from a flaw in CrushFTP's password reset mechanism. A remote attacker can reset a user's password through the email-based reset flow, gain access to that user's account and take full control of the application, resulting in account takeover.
Recommendations:
For CrushFTP version 10, update to version 10.8.3 or later.
For CrushFTP version 11, update to version 11.2.3 or later.
Affected Products: CrushFTP