Fortra has released details of a now-patched critical security vulnerability affecting its FileCatalyst file transfer solution that could allow an unauthenticated attacker to remotely execute code on a vulnerable server .
This flaw is assigned CVE-2024-25153 and has a CVSS score of 9.8 out of 10.
“Directory traversal within the FileCatalyst workflow portal ‘ftpservlet’ allows files to be uploaded outside the expected ‘uploadtemp’ directory via a crafted POST request,” the company said in an announcement last week.
“In the event that the file is successfully uploaded to the portal DocumentRoot, a specially crafted JSP file can be used to execute the code, including the web shell.”
The company said the vulnerability was first reported on August 9, 2023 and resolved two days later in FileCatalyst Workflow version 5.1.6 Build 114, without a CVE identifier. Fortra was authorized as a CVE Numbering Authority (CNA) in early December 2023.
Security researcher Tom Wedgbury of LRQA Nettitude is credited with discovering and reporting the flaw. The company has since released a full proof-of-concept (PoC) vulnerability, describing how the flaw can be exploited to upload a web shell and execute arbitrary system commands.
Fortra also addressed two other security vulnerabilities (CVE-2024-25154 and CVE-2024-25155) in FileCatalyst Direct in January 2024, which could lead to information leakage and code execution.
Because previously disclosed flaws in Fortra GoAnywhere Managed File Transfer (MFT) were heavily exploited by threat actors such as Cl0p last year, users are advised to apply the necessary updates to mitigate potential threats.
