Summary: CrushFTP has issued a critical security advisory regarding a vulnerability (CVE-2024-53552) that could allow attackers to take over user accounts through manipulated password reset links. Users are urged to update to the latest versions immediately to mitigate this risk.
Threat Actor: Cybercriminals
Victim: CrushFTP users
Key Points:
- Vulnerability CVE-2024-53552 has a CVSS score of 9.8, indicating high severity.
- Attackers can exploit the flaw via manipulated password reset email links.
- CrushFTP recommends immediate updates to versions 10.8.3 or 11.2.3.
- Administrators should restrict password reset emails to trusted domains.
- Monitoring server logs and educating users on phishing risks is essential.
CrushFTP, a popular file transfer server known for its robust features and user-friendly interface, has issued an urgent security advisory regarding a critical vulnerability that could lead to account takeover. The flaw, tracked as CVE-2024-53552 and assigned a CVSS score of 9.8, affects CrushFTP versions 10 before 10.8.3 and 11 before 11.2.3.
Exploiting Password Reset Functionality
The vulnerability stems from how these versions handle password reset requests. An attacker can exploit this flaw by manipulating the password reset email link. If an unsuspecting user clicks on the malicious link, their account is immediately compromised, granting the attacker full control.
Immediate Action Required
CrushFTP urges all users to update their servers to the latest versions (10.8.3 or 11.2.3) as soon as possible. In addition to patching, administrators must configure allowed email reset URL domains to further enhance security.
This vulnerability is particularly concerning given CrushFTP’s popularity and its history as a target for cybercriminals. Earlier this year, CrushFTP servers were found vulnerable to a critical server-side template injection (SSTI) vulnerability (CVE-2024-4040), which allowed remote code execution. Attackers exploited that flaw in a suspected politically motivated intelligence-gathering campaign against multiple U.S. organizations.
Protecting Your CrushFTP Server
To mitigate the risk associated with CVE-2024-53552, users should take the following steps:
- Update: Immediately upgrade to CrushFTP version 10.8.3 or 11.2.3 or later.
- Configure: Restrict password reset emails to trusted domains.
- Monitor: Regularly monitor server logs for suspicious activity.
- Educate: Train users to be cautious of unexpected password reset emails and to avoid clicking on suspicious links.
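The "Configure" step above (allowlisting the domains a password reset link may point at) is the kind of check an application should enforce before it ever sends a reset email. The following is an added illustration written for this article, not CrushFTP's own code, and the setting name, hosts and path are assumptions: it accepts a reset link only when its host is an exact, case-insensitive match against the allowlist, rejects lookalike and userinfo tricks, and returns a reason string that can be written to the server log for monitoring.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

# Assumed allowlist of hosts that may appear in reset emails. CrushFTP's
# actual setting name and format are not shown in the article.
ALLOWED_RESET_HOSTS = {"files.example.com", "ftp.example.com"}


def normalize_host(hostname: Optional[str]) -> str:
    """Lowercase and strip a trailing dot so comparisons are exact."""
    return (hostname or "").strip().lower().rstrip(".")


def host_is_allowed(hostname: Optional[str], allowed=ALLOWED_RESET_HOSTS) -> bool:
    """Exact match only: no suffix or prefix matching, so hosts such as
    files.example.com.evil.test or evilfiles.example.com are rejected."""
    host = normalize_host(hostname)
    return bool(host) and host in {normalize_host(h) for h in allowed}


def build_reset_link(requested_base: str, token: str,
                     allowed=ALLOWED_RESET_HOSTS) -> Tuple[Optional[str], str]:
    """Return (url, reason). url is None when the email must not be sent.

    The link is rebuilt from validated pieces rather than echoing the
    caller-supplied base URL, so nothing untrusted reaches the mail body."""
    parts = urlsplit(requested_base)
    if parts.scheme != "https":
        return None, f"rejected: scheme {parts.scheme!r} is not https"
    # urlsplit().hostname already drops any user:pass@ prefix and the port,
    # so https://files.example.com@evil.test/ resolves to host evil.test.
    host = normalize_host(parts.hostname)
    if not host_is_allowed(host, allowed):
        return None, f"rejected: host {host!r} not in reset allowlist"
    if parts.port:
        host = f"{host}:{parts.port}"
    url = urlunsplit(("https", host, "/reset", f"token={token}", ""))
    return url, "accepted"
```

A rejected request is a signal worth logging with the client address, since unexpected hosts in reset requests are exactly the "suspicious activity" the Monitor step refers to.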
Source: https://securityonline.info/cve-2024-53552-cvss-9-8-crushftp-flaw-exposes-users-to-account-takeover