FileCatalyst Malicious

: This is a critical directory traversal flaw with a CVSS score of 9.8. It allows unauthenticated attackers to upload malicious JSP files (web shells) outside the intended directories, leading to full remote code execution on the server.

Beyond RCE, several other high-severity vulnerabilities were identified that could be leveraged for malicious purposes: CVE-2024-5276 Detail - NVD

: This vulnerability involves a hard-coded password in the FileCatalyst TransferAgent that can be used to unlock the keystore and read private keys, potentially enabling machine-in-the-middle (MiTM) attacks.

In the event of a suspected security incident, follow these steps:

FileCatalyst is a legitimate enterprise file transfer solution from , but it has recently been the target of several critical security vulnerabilities that allow attackers to perform malicious actions. There is no evidence that the software itself is "malicious" by design; however, unpatched versions can be used by hackers to gain control of servers.

Key Critical Vulnerabilities

Similarly, detailed a path traversal vulnerability that enabled attackers to read and write arbitrary files outside the intended webroot. Combined with the high-speed transfer engine, an attacker could leverage this flaw to stage ransomware executables onto the server and then use the legitimate FileCatalyst client to distribute those payloads to connected endpoints or steal backup data before encryption. Fortra has patched these issues, but scanning data from Shodan and Censys indicates thousands of unpatched instances remain online.