Proof of Concept Exploit for Severe RCE in Fortra FileCatalyst Tool Publicly Available
March 18, 2024
Fortra has rolled out updates to rectify a severe vulnerability, labelled as CVE-2024-25153, that affects its FileCatalyst file transfer solution. This vulnerability, which scores a high 9.8 on the CVSS scale, can be exploited by a remote, unauthenticated attacker to execute arbitrary code on the affected servers.
The advisory explains, “A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request.” It further elaborates that in instances where a file is successfully uploaded to the web portal’s DocumentRoot, specially crafted JSP files could potentially be used to execute code, including web shells.
The vulnerability was initially reported in August 2023 by Tom Wedgbury from LRQA Nettitude, prior to Fortra becoming part of the CNA program. The company promptly addressed the issue in the same month. The advisory further states, “We are issuing a CVE now at the request of the individual who initially reported the vulnerability.”
The issue was resolved with the launch of FileCatalyst Workflow version 5.1.6 Build 114. Researchers from Nettitude have made a full proof-of-concept exploit for this vulnerability publicly available on GitHub. This PoC exploit illustrates how to upload a web shell on vulnerable instances to execute operating system commands.
With Fortra GoAnywhere managed file transfer (MFT) having been heavily exploited last year by threat actors such as Cl0p, it is strongly advised that users apply the necessary updates to mitigate potential threats.
Latest News
- Chinese APT Earth Krahang Compromises 48 Government Entities Globally
- APT28 Cyber Threat Group Expands Phishing Campaigns Globally
- ShadowSyndicate Exploits Aiohttp Bug to Target Vulnerable Networks
- Critical Remote Code Execution Vulnerability in Fortinet Patched
- DarkGate Malware Campaign Exploits Recently Patched Microsoft Vulnerability in Zero-Day Attack
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.