Fortra has launched details of a now-patched critical security flaw impacting its FileCatalyst file transfer answer that could allow unauthenticated attackers to attain distant code execution on susceptible servers.
Tracked as CVE-2024-25153, the shortcoming carries a CVSS rating of 9.8 out of a utmost of 10.
“A directory traversal in the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal will allow files to be uploaded outdoors of the supposed ‘uploadtemp’ listing with a specifically crafted Article ask for,” the corporation said in an advisory last 7 days.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“In scenarios in which a file is effectively uploaded to web portal’s DocumentRoot, specifically crafted JSP data files could be applied to execute code, which include web shells.”
The vulnerability, the company explained, was initial documented on August 9, 2023, and dealt with two times later on in FileCatalyst Workflow edition 5.1.6 Construct 114 without a CVE identifier. Fortra was approved as a CVE Numbering Authority (CNA) in early December 2023.
Security researcher Tom Wedgbury of LRQA Nettitude has been credited with exploring and reporting the flaw. The enterprise has considering the fact that produced a whole proof-of-concept (PoC) exploit, describing how the flaw could be weaponized to add a web shell and execute arbitrary program commands.
Also solved by Fortra in January 2024 are two other security vulnerabilities in FileCatalyst Direct (CVE-2024-25154 and CVE-2024-25155) that could guide to information and facts leakage and code execution.
With beforehand disclosed flaws in Fortra GoAnywhere managed file transfer (MFT) coming less than hefty exploitation last yr by threat actors like Cl0p, it can be advised that customers have applied the important updates to mitigate potential threats.
Found this report interesting? Comply with us on Twitter and LinkedIn to study more special material we submit.
Some pieces of this article are sourced from:
thehackernews.com
Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites