Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on vulnerable servers.
Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10.
“A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request,” the company said in an advisory last week.
“In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.”
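The class of bug the advisory describes comes down to joining a client-supplied file name onto the upload directory without confirming the result stays inside it. The following is an added illustration, not Fortra's code or its fix: the directory layout, function names and extension list are assumptions, and the sample names in the comments are constructed.

```python
import posixpath

# Hypothetical layout (assumption): upload directory sits under the web root.
DOCUMENT_ROOT = "/srv/portal/webapps/workflow"
UPLOAD_DIR = DOCUMENT_ROOT + "/uploadtemp"
# Extensions the servlet container would execute if served from the web root.
EXECUTABLE_EXTENSIONS = {".jsp", ".jspx"}


def naive_destination(client_name):
    """Vulnerable pattern: join the client-supplied name with no checks."""
    return posixpath.normpath(posixpath.join(UPLOAD_DIR, client_name))


def safe_destination(client_name):
    """Return a destination inside UPLOAD_DIR or raise ValueError."""
    # Treat backslashes as separators so Windows-style sequences are caught.
    name = client_name.replace("\\", "/")
    if "\x00" in name or posixpath.isabs(name):
        raise ValueError("rejected: absolute path or NUL byte")
    candidate = posixpath.normpath(posixpath.join(UPLOAD_DIR, name))
    # Compare whole path components on the normalised path. A plain
    # startswith() test would accept a sibling such as "uploadtemp2".
    if posixpath.commonpath([UPLOAD_DIR, candidate]) != UPLOAD_DIR:
        raise ValueError("rejected: escapes upload directory")
    if candidate == UPLOAD_DIR:
        raise ValueError("rejected: no file name")
    # Defence in depth: never store server-executable content, even inside
    # the upload directory.
    if posixpath.splitext(candidate)[1].lower() in EXECUTABLE_EXTENSIONS:
        raise ValueError("rejected: server-executable extension")
    # On a real filesystem, also resolve symlinks (os.path.realpath) before
    # the containment check; normpath is purely lexical.
    return candidate


if __name__ == "__main__":
    for sample in ["report.pdf", "../page.jsp", "..\\page.jsp", "a/../b.txt"]:
        try:
            print(sample, "->", safe_destination(sample))
        except ValueError as err:
            print(sample, "->", err)
```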
The vulnerability, the company said, was first reported on August 9, 2023, and addressed two days later in FileCatalyst Workflow version 5.1.6 Build 114 without a CVE identifier. Fortra was authorized as a CVE Numbering Authority (CNA) in early December 2023.
Security researcher Tom Wedgbury of LRQA Nettitude has been credited with discovering and reporting the flaw. The company has since released a full proof-of-concept (PoC) exploit, describing how the flaw could be weaponized to upload a web shell and execute arbitrary system commands.
Also resolved by Fortra in January 2024 are two other security vulnerabilities in FileCatalyst Direct (CVE-2024-25154 and CVE-2024-25155) that could lead to information leakage and code execution.
With previously disclosed flaws in Fortra GoAnywhere managed file transfer (MFT) coming under heavy exploitation last year by threat actors like Cl0p, it's recommended that users apply the necessary updates to mitigate potential threats.