Activity Feed

achen-r7 reported CVE-2024-29988 as Exploited in the Wild

April 30, 2024 8:41pm UTC (1 day ago)

Indicated source as

Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/04/30/cisa-adds-one-known-exploited-vulnerability-catalog)

inokii reported CVE-2024-4040 as Exploited in the Wild

April 25, 2024 9:01pm UTC (6 days ago)

Indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/04/24/cisa-adds-three-known-exploited-vulnerabilities-catalog)

inokii reported CVE-2024-20359 as Exploited in the Wild

April 25, 2024 8:59pm UTC (6 days ago)

Indicated sources as

Vendor Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h)
Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/04/24/cisa-adds-three-known-exploited-vulnerabilities-catalog)

inokii reported CVE-2024-20353 as Exploited in the Wild

April 25, 2024 8:57pm UTC (6 days ago)

Indicated sources as

Vendor Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2)
Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/04/24/cisa-adds-three-known-exploited-vulnerabilities-catalog)

inokii reported CVE-2022-38028 as Exploited in the Wild

April 25, 2024 8:56pm UTC (6 days ago)

Indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/04/23/cisa-adds-one-known-exploited-vulnerability-catalog)

danielxmnn reported CVE-2024-3400 as Exploited in the Wild

April 25, 2024 1:00pm UTC (1 week ago)

Indicated sources as

Vendor Advisory
News Article or Blog

cbeek-r7 reported CVE-2024-20353 as Exploited in the Wild

April 25, 2024 7:36am UTC (1 week ago)

Indicated source as

Vendor Advisory (https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/)

cbeek-r7 reported CVE-2024-20359 as Exploited in the Wild

April 25, 2024 7:35am UTC (1 week ago)

Indicated source as

Vendor Advisory (https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/)

remmons-r7 reported CVE-2024-4040 as Exploited in the Wild

April 24, 2024 10:30pm UTC (1 week ago)

Indicated sources as

Vendor Advisory (https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update)
Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
News Article or Blog (https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/)

4

remmons-r7 assessed CVE-2024-4040

April 24, 2024 10:30pm UTC (1 week ago)•Edited 5 days ago

Ratings

Attacker Value

Very High

Exploitability

Very High

CISA KEV Listed Common in enterprise Easy to weaponize Gives privileged access Unauthenticated Vulnerable in default configuration

Technical Analysis

CVE-2024-4040 was discovered by Simon Garrelou, of Airbus CERT, and it’s a server-side template injection vulnerability for the CrushFTP managed file transfer suite. The vulnerability was reported to CrushFTP on Friday, April 19, 2024. That same day, it was patched and announced via the vendor’s security mailing list, though a CVE wasn’t assigned until Monday, April 22, 2024. The vulnerability impact is primarily unauthenticated arbitrary high-privilege file disclosure, and it can result in full compromise of CrushFTP instances via multiple paths. Additionally, Rapid7 has confirmed that it’s possible to establish remote code execution as a result of the file disclosure primitive.

Anyone running CrushFTP should patch with urgency. When the patch is applied, check for the IOCs outlined in the official Rapid7 analysis to identify any prior successful exploitation. As noted in the analysis, defenders should be aware that exploitation may be masked in logs via mangled exploit web requests.

Ratings

Technical Analysis

Quick Cookie Notification