CrushFTP has released patches for a zero-day vulnerability exploited in the wild. The security defect impacts CrushFTP versions 9, 10, and 11, allowing an unauthenticated attacker to escape their virtual file system and retrieve system files. Customers using a DMZ server are protected against attacks.
Patches were included in CrushFTP versions 10.71 and 11.1.0, and customers still using CrushFTP version 9 should upgrade to a patched release. The vulnerability has been exploited in a targeted fashion, mainly against US entities, likely for intelligence gathering or politically motivated purposes.