Patch now! Attacks on file transfer server CrushFTP observed
Attackers are gaining access to system data on CrushFTP servers. Vulnerable systems also exist in Germany.
The vendor of the file transfer server software CrushFTP warns of a security vulnerability that, according to security researchers, attackers are already exploiting. Patched versions are available for download.
Install a security update
A security advisory states that versions 10.7.1 and 11.1.0 are protected against the attacks. All earlier versions are vulnerable. Anyone still using 9.x must upgrade. Anyone running CrushFTP behind a DMZ should not be affected by the attacks; nevertheless, admins should update the software in this case too.
The update can be installed via the dashboard. Since CrushFTP automatically creates backups, according to the vendor, admins can restore an earlier state if problems occur.
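To check an inventory of installed versions against the fixed releases named in the advisory, the following added example (not from the article or from CrushFTP) encodes the rule above: 9.x has no fixed release, 10.x needs at least 10.7.1, 11.x needs at least 11.1.0. It assumes version strings of the form "major.minor.patch" with an optional non-numeric suffix, and treats branches newer than 11 as fixed (an assumption).

```python
from typing import Dict, Tuple

# Fixed releases named in the advisory: 10.7.1 and 11.1.0. Every earlier
# release in those branches, and every 9.x release, is affected.
FIXED_IN: Dict[int, Tuple[int, int, int]] = {10: (10, 7, 1), 11: (11, 1, 0)}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn a version string such as '10.7.1' into a comparable tuple.

    Whitespace and a non-numeric suffix on a component (e.g. a build tag)
    are ignored; missing components count as 0 (assumption).
    """
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_vulnerable(text: str) -> bool:
    """True if the given CrushFTP version predates the fixed release."""
    ver = parse_version(text)
    major = ver[0]
    if major < 10:
        return True  # 9.x and older: no fixed release exists, upgrade
    fixed = FIXED_IN.get(major)
    if fixed is None:
        return False  # assumption: branches newer than 11 carry the fix
    return ver < fixed


def triage(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map host -> needs-update for a {host: version} inventory."""
    return {host: is_vulnerable(ver) for host, ver in inventory.items()}
```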
As security researchers from Falcon OverWatch explain, there is currently no CVE number for the vulnerability. Accordingly, a classification of the threat level is still pending.
The vulnerability affects the Virtual File System (VFS). Attackers are reportedly able to exploit it without authentication via the web interface to gain access to system files. This gives them the information they need to extend the attack.
How such an attack works in detail is currently unknown. It also remains unclear how widespread the attacks are. Security researchers speak of targeted attacks.
Germany also affected
The search engine Shodan shows that around 2700 CrushFTP servers worldwide are currently publicly reachable from the Internet. The majority of these are located in the USA. In Germany, there are just under 260 instances.
(des)