cdelafuente-r7
commented
6 months ago Closing it since it has been implemented: https://github.com/rapid7/metasploit-framework/pull/18918
Closed ccondon-r7 closed 6 months ago
cdelafuente-r7
commented
6 months ago Closing it since it has been implemented: https://github.com/rapid7/metasploit-framework/pull/18918
Summary
This vulnerability was disclosed in November 2023 by Converge Software and affects a file transfer product with what seems like a reasonably large internet-facing attack surface area (10K+ at time of disclosure according to the company who discovered it, though we haven't verified that ourselves).
Basic example
Code available. See these links: https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/ https://www.bleepingcomputer.com/news/security/exploit-for-crushftp-rce-chain-released-patch-now/
Motivation
File transfer products have been under widespread attack by financially motivated threat actors the past few years. I'm not familiar with CrushFTP specifically, but even if the public attack surface area was only a quarter of what the researchers claimed it was, that'd still be higher than MOVEit Transfer exposure was when Cl0p started hitting CVE-2023-34362.