Priya PatelTLDR:
- A critical Remote Code Execution (RCE) vulnerability has been published in Fortra’s FileCatalyst software.
- The vulnerability, CVE-2024-25153, allows attackers to execute arbitrary code on affected systems.
A proof of Concept (PoC) has been published for a critical Remote Code Execution (RCE) vulnerability identified in Fortra’s FileCatalyst software. This vulnerability, tracked as CVE-2024-25153, poses a severe threat to organizations using the FileCatalyst Workflow Web Portal. It potentially allows attackers to execute arbitrary code on affected systems. The core of the vulnerability lies in a directory traversal flaw within the ‘ftpservlet’ component of the FileCatalyst Workflow Web Portal. Exploiting this flaw, attackers can bypass intended security mechanisms to upload files outside the designated ‘uploadtemp’ directory through a specially crafted POST request. If an attacker successfully uploads a file to the web portal’s DocumentRoot, they could leverage specially crafted JSP files to execute arbitrary code on the server, including deploying web shells for persistent access and control. The vulnerability has been assigned a CVSSv3.1 score of 9.8, categorizing it as critical due to its potential impact on confidentiality, integrity, and availability. Fortran has addressed this vulnerability by releasing an update for FileCatalyst Workflow. Users are urged to upgrade to version 5.1.6 Build 114 or higher to mitigate the risk associated with CVE-2024-25153.
The publication of a PoC for CVE-2024-25153 underscores the importance of timely patch management and vulnerability assessment within organizations. Given this vulnerability’s critical nature, Fortra FileCatalyst Workflow users must apply the provided updates without delay. Additionally, organizations should consider conducting a thorough security review of their web applications and implementing layered security measures to defend against similar threats.
