Fortra addressed a severe security vulnerability found in its FileCatalyst file transfer application, classified under CVE-2024-25153. This critical flaw, with a CVSS score nearing the maximum at 9.8, allowed attackers the potential to execute code remotely on affected servers without any authentication. The issue stemmed from a directory traversal in the FileCatalyst Workflow Web Portal’s ‘ftpservlet,’ enabling the uploading of files beyond the designated ‘uploadtemp’ directory through specifically crafted POST requests.
Such a loophole posed a substantial threat as it could let attackers upload specially crafted JSP files to the web portal’s root directory, executing arbitrary code, including web shells potentially. Upon discovery by security researcher Tom Wedgbury of LRQA Nettitude in August 2023, Fortra promptly issued a fix within two days in their FileCatalyst Workflow version 5.1.6 Build 114. This proactive approach highlights Fortra’s commitment to security, further exemplified by their appointment as a CVE Numbering Authority in December 2023.
Aside from the primary vulnerability, Fortra also rectified additional security issues in FileCatalyst Direct that could result in information leakage and unauthorized code execution. This string of vulnerabilities and their timely resolution underscore the ongoing battle against cybersecurity threats and the importance of maintaining up-to-date systems. With the increasing utilization of Fortra’s services, including the previously compromised GoAnywhere MFT tool, it’s vital for users to apply these updates diligently to shield against exploitation attempts by malicious actors like Cl0p.
