PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released
March 18, 2024
Fortra addressed a critical remote code execution vulnerability impacting its FileCatalyst file transfer product.
Fortra has released updates to address a critical vulnerability, tracked as CVE-2024-25153 (CVSS score 9.8) impacting its FileCatalyst file transfer solution.
A remote, unauthenticated attacker can exploit their vulnerability to execute arbitrary code on impacted servers.
“A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request.” reads the advisory. “In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.”
According to the advisory, the vulnerability was reported in August 2023 by Tom Wedgbury from LRQA Nettitude, before Fortra joining the CNA program and the company fixed it in August 2023.
“We are issuing a CVE now at the request of the individual who initially reported the vulnerability” continues the advisory.
The vulnerability was fixed with the release of FileCatalyst Workflow version 5.1.6 Build 114.
Researchers from Nettitude released on GitHub a full proof-of-concept exploit for this vulnerability. The PoC exploit demonstrates how to upload a web shell on vulnerable instances to execute operating system commands.
The exploit will:
- Automatically detect whether anonymous login is enabled.
- Get a valid session token.
- Upload a command shell with a pseudo-randomly generated file name.
- Execute the OS command.
With previously disclosed flaws in Fortra GoAnywhere managed file transfer (MFT) coming under heavy exploitation last year by threat actors like Cl0p, it’s recommended that users have applied the necessary updates to mitigate potential threats.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, Fortra Filecatalyst)