Summary: CrushFTP has issued a warning about an unauthenticated HTTP(S) port access vulnerability affecting versions 10 and 11, urging customers to patch their servers immediately. The flaw allows attackers to gain unauthorized access to exposed servers, with over 3,400 instances currently exposed online. As a temporary measure, users can enable the DMZ feature to protect their systems until they can apply updates.
Affected: CrushFTP v10 and v11
Key points:
- CrushFTP warned of a vulnerability enabling unauthenticated access to exposed servers.
- The company encourages immediate patching, with version 11.3.1+ recommended.
- Over 3,400 CrushFTP instances are exposed online, posing a significant risk.
- Enabling the DMZ feature can mitigate risk until patches are applied.