Proof of Concept Exploit for Severe RCE in Fortra FileCatalyst Tool Publicly Available

March 18, 2024

Fortra has released updates that fix a severe vulnerability, tracked as CVE-2024-25153, in its FileCatalyst file transfer solution. The vulnerability, which scores 9.8 on the CVSS scale, allows a remote, unauthenticated attacker to execute arbitrary code on affected servers.

The advisory explains, “A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request.” It further elaborates that in instances where a file is successfully uploaded to the web portal’s DocumentRoot, specially crafted JSP files could potentially be used to execute code, including web shells.
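The class of check that keeps an upload inside a directory such as ‘uploadtemp’ is shown below as an added example in Python. It is not Fortra's code and does not describe the actual patch; the request fields `client_subdir` and `client_name` are assumptions made for illustration.

```python
import tempfile
from pathlib import Path


class UploadPathError(ValueError):
    """A client-supplied path component would leave the upload directory."""


def resolve_upload_path(upload_root: Path, client_subdir: str, client_name: str) -> Path:
    """Return the write destination, or raise if it falls outside upload_root.

    client_subdir and client_name are hypothetical request fields (assumptions).
    """
    root = upload_root.resolve(strict=True)
    # The file name must be exactly one path component.
    if client_name in ("", ".", "..") or any(c in client_name for c in "/\\\0"):
        raise UploadPathError(f"bad file name: {client_name!r}")
    if "\0" in client_subdir:
        raise UploadPathError("NUL byte in directory field")
    # Treat backslashes as separators so Windows-style traversal is normalised too.
    candidate = (root / client_subdir.replace("\\", "/") / client_name).resolve()
    # resolve() collapses '..' and follows symlinks; judge only the final path.
    # Requiring root among the parents also rejects a path equal to root itself.
    if root not in candidate.parents:
        raise UploadPathError(f"escapes upload root: {candidate}")
    return candidate


# Constructed inputs: one ordinary upload, then traversal attempts in either field.
SAMPLES = [("job42", "report.pdf"), ("..", "shell.jsp"), ("..\\..", "x.jsp"),
           ("/tmp", "x.jsp"), ("..", "uploadtemp"), ("job42", "../shell.jsp")]


def demo() -> dict:
    """Check SAMPLES against a throwaway <webroot>/uploadtemp tree."""
    results = {}
    with tempfile.TemporaryDirectory() as webroot:
        root = Path(webroot) / "uploadtemp"
        root.mkdir()
        for subdir, name in SAMPLES:
            try:
                dest = resolve_upload_path(root, subdir, name)
                results[(subdir, name)] = dest.relative_to(root.resolve()).as_posix()
            except UploadPathError:
                results[(subdir, name)] = "rejected"
    return results


if __name__ == "__main__":
    for sample, outcome in demo().items():
        print(sample, "->", outcome)
```

The comparison is made on the fully resolved path rather than on the raw request strings, so encoded or mixed-separator input is judged by where the write would actually land.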

The vulnerability was initially reported in August 2023 by Tom Wedgbury from LRQA Nettitude, prior to Fortra becoming part of the CNA program. The company promptly addressed the issue in the same month. The advisory further states, “We are issuing a CVE now at the request of the individual who initially reported the vulnerability.”

The issue was resolved with the launch of FileCatalyst Workflow version 5.1.6 Build 114. Researchers from Nettitude have made a full proof-of-concept exploit for this vulnerability publicly available on GitHub. This PoC exploit illustrates how to upload a web shell on vulnerable instances to execute operating system commands.

With Fortra GoAnywhere managed file transfer (MFT) having been heavily exploited last year by threat actors such as Cl0p, it is strongly advised that users apply the necessary updates to mitigate potential threats.
