Critical Security Flaw Discovered in Fortra FileCatalyst Exposes Servers to Remote Code Execution
Fortra has disclosed a significant security vulnerability in its FileCatalyst file transfer solution that could allow unauthenticated attackers to execute malicious code on vulnerable servers. The vulnerability, tracked as CVE-2024-25153, carries a CVSS score of 9.8 out of 10 and is rated high severity, underscoring its critical nature.
The flaw arises from a directory traversal vulnerability within the ‘ftpservlet’ component of the FileCatalyst Workflow Web Portal. By sending a specially crafted POST request, it is possible for an attacker to upload files outside the designated ‘uploadtemp’ directory. If an attacker successfully uploads files to the web portal’s DocumentRoot, they could leverage these files—such as JSP files—to execute arbitrary commands, potentially paving the way for web shell deployment.
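As an added illustration (not Fortra's code; the upload root and filenames are constructed for this example), the server-side check that a traversal like the one described above defeats when it is missing: a naive join that trusts the client-supplied name beside a hardened version that decodes, normalises and verifies the result stays inside the upload directory.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote


def naive_upload_path(upload_root: str, client_filename: str) -> str:
    """Vulnerable pattern: the client-supplied name is joined as-is, so
    '..' segments walk out of the intended directory."""
    return upload_root + "/" + client_filename


def safe_upload_path(upload_root: str, client_filename: str) -> Optional[str]:
    """Return the normalised destination for a client-supplied name, or None
    if the name would land outside upload_root (lexical check only; it does
    not follow symlinks, which the deployment must control separately)."""
    name = client_filename
    # Decode percent-encoding until stable, so double-encoded sequences
    # such as %252e%252e do not survive a single unquote() pass.
    for _ in range(3):
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    # NUL bytes truncate paths in many native APIs; never pass them on.
    if "\x00" in name:
        return None
    # Treat backslashes as separators so '..\\..' is normalised the same way.
    name = name.replace("\\", "/")
    root = posixpath.normpath(upload_root)
    # Strip leading slashes so an absolute client path is still anchored at root.
    candidate = posixpath.normpath(posixpath.join(root, name.lstrip("/")))
    # Require a strict descendant of root: the root itself is not a file target.
    if not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed upload root and a traversal attempt, for demonstration only.
    ROOT = "/srv/fc/uploadtemp"
    bad = "../../webapps/ROOT/probe.jsp"
    print("naive :", posixpath.normpath(naive_upload_path(ROOT, bad)))
    print("safe  :", safe_upload_path(ROOT, bad))
    print("safe  :", safe_upload_path(ROOT, "report.pdf"))
```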
Discovered by security researcher Tom Wedgbury of LRQA Nettitude, the vulnerability was first reported on August 9, 2023, and was fixed two days later with the release of FileCatalyst Workflow version 5.1.6 Build 114. Notably, the patch was initially released without a CVE identifier. Fortra was authorized as a CVE Numbering Authority (CNA) in early December 2023, which enabled formal tracking of vulnerabilities in its products.
The vulnerability is a serious concern for organizations running the FileCatalyst solution. Attackers could exploit it as part of a broader intrusion, mapping to the initial access and execution tactics described in the MITRE ATT&CK framework. This highlights the potential for ongoing exploitation if software updates and security patches are not promptly applied.
In January 2024, Fortra also addressed additional vulnerabilities in its FileCatalyst Direct product line, notably CVE-2024-25154 and CVE-2024-25155, which concern code execution and information leakage respectively. Such issues reinforce the need for continued vigilance in security practice.
Organizations are advised to ensure that they have implemented the necessary updates to safeguard their systems from potential intrusions. The recent exploitation of previously disclosed flaws in Fortra’s GoAnywhere managed file transfer (MFT) suite by threat actors, including Cl0p, serves as a reminder of the ever-evolving threat landscape.
In light of these emerging cybersecurity risks, it is prudent for business owners and IT professionals to actively monitor their systems, ensure all software is current, and remain abreast of developments in cybersecurity advisories. By doing so, they can mitigate potential risks associated with vulnerabilities that could significantly impact their operational integrity.