0day in CrushFTP: hackers have access to system files

Father

How the policy is implemented in commercial software development.

Users of the CrushFTP file transfer software are strongly encouraged to upgrade to the latest version following the discovery of a vulnerability that is already being targeted.

CrushFTP has warned that there is a zero-day vulnerability in versions of CrushFTP v11 up to 11.1. The problem is that users can escape the Virtual File System (VFS) and download system files. The vulnerability was fixed in version 11.1.0.

Companies that use CrushFTP in Demilitarized Zones (DMZ) can be protected from such attacks. However, other users are advised to install the update immediately.

The vulnerability was discovered by Simon Garrelou of Airbus CERT, but it has not yet received an official CVE identifier.

According to CrowdStrike, cases of targeted exploitation of the flaw against American organizations have already been recorded. The intruders' activity is assumed to be politically motivated.

CrushFTP confirmed that the company responded promptly to the reported issue by implementing a fix within a few hours of receiving the notification. All versions of CrushFTP v10 are now protected by update 10.7.1, and v11 versions are protected by update 11.1. Users of the older v9 can get the update through the Extended Support program.