{"id":33810,"date":"2024-04-23T00:36:23","date_gmt":"2024-04-22T22:36:23","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=33810"},"modified":"2024-04-23T00:36:23","modified_gmt":"2024-04-22T22:36:23","slug":"update-crushftp-to-v11-1-0-vulnerability-cve-2024-4040-under-attack","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/04\/23\/update-crushftp-to-v11-1-0-vulnerability-cve-2024-4040-under-attack\/","title":{"rendered":"Update CrushFTP to v11.1.0, vulnerability (CVE-2024-4040) under attack"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2024\/04\/23\/crushftp-auf-v11-1-0-updaten-schwachstelle-cve-2024-4040-unter-beschuss\/\" target=\"_blank\" rel=\"noopener\">German<\/a>] <a href=\"https:\/\/en.wikipedia.org\/wiki\/CrushFTP_Server\" target=\"_blank\" rel=\"noopener\">CrushFTP<\/a>\u00a0is a proprietary file transfer server supporting multiple protocols and platforms (macOS, Linux, Windows) that is available as shareware with a tiered pricing model. It is aimed at home users through to corporate users. On April 19, 2024, the provider published a security warning that a critical vulnerability (CVE-2024-4040) had been discovered in the software and is being exploited by attackers.<\/p>\n<p>In a <a href=\"https:\/\/www.crushftp.com\/crush11wiki\/Wiki.jsp?page=Update\" target=\"_blank\" rel=\"noopener\">security advisory<\/a> dated April 19, 2024, the provider states that CrushFTP v11 versions below 11.1 are affected. The vulnerability (CVE-2024-4040), which is classified as critical, allows users to bypass their VFS (Apache Virtual File System) and download system files. 
This is of course a lucrative target for hackers who could download files from the VFS.<\/p>\n<p>This vulnerability has been fixed in version 11.1.0. Customers using a DMZ in front of their main CrushFTP instance are partially protected by the protocol translation system used. However, a DMZ does not fully protect and users must update immediately to be safe again, according to the provider.<\/p>\n<p>The company warned customers by email that the vulnerability is being exploited in the wild, as our colleagues at Bleeping Computer <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/crushftp-warns-users-to-patch-exploited-zero-day-immediately\/\" target=\"_blank\" rel=\"noopener\">write here<\/a>. Customers with servers still running CrushFTP v9 should update to v11 immediately or update their instance via the dashboard to be protected again, they say.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]CrushFTP\u00a0is a proprietary file transfer server with multiple protocols and platforms (macOS, Linux, Windows) that is available as shareware with a tiered pricing model. It is aimed at home users through to corporate users. 
As of April 19, 2024, the &hellip; <a href=\"https:\/\/borncity.com\/win\/2024\/04\/23\/update-crushftp-to-v11-1-0-vulnerability-cve-2024-4040-under-attack\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1547,22],"tags":[1544,195],"class_list":["post-33810","post","type-post","status-publish","format-standard","hentry","category-software","category-update","tag-software","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/33810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=33810"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/33810\/revisions"}],"predecessor-version":[{"id":33811,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/33810\/revisions\/33811"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=33810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=33810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=33810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}