VIR Vulnerability Intelligence Relay

CVE-2024-4040

unknown KEV
Published 2024-04-24 · Modified 2024-04-24
CVSS v3
CVSS v2
VIR risk
1.5

Description

CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).

CISA KEV

Vendor
CrushFTP
Product
CrushFTP
Due date
2024-05-01

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update&version=34; https://nvd.nist.gov/vuln/detail/CVE-2024-4040

Exploits

References

Verify integrity in audit chain (admin only). AS-IS.