216.73.216.133

CVE-2024-4040

· Published 24/04/2024 02:00 · Modified 28/02/2026 00:13 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2024-4040

Essential information

Published
24/04/2024 02:00
Modified
28/02/2026 00:13
Author
Cybersecurity and Infrastructure Security Agency
Creator
Cybersecurity and Infrastructure Security Agency
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
Yes
CWE
CVSS vector
CVSS:3.1/AV:N/C:H/I:H/A:H

CVSS metrics

Description

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
430a6cef-dc26-47e3-9fa8-52fb7f19644e
NVD
View on NVD

References