Vulnerability Details CVE-2023-43177
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.705
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 9.8
References
- https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/
- https://github.com/the-emmons/CVE-Disclosures/blob/main/Pending/CrushFTP-2023-1.md
- https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/
- https://github.com/the-emmons/CVE-Disclosures/blob/main/Pending/CrushFTP-2023-1.md
Products affected by CVE-2023-43177
-
cpe:2.3:a:crushftp:crushftp:10.0.0
-
cpe:2.3:a:crushftp:crushftp:10.1.0
-
cpe:2.3:a:crushftp:crushftp:10.2.0
-
cpe:2.3:a:crushftp:crushftp:10.3.0
-
cpe:2.3:a:crushftp:crushftp:10.4.0
-
cpe:2.3:a:crushftp:crushftp:10.5.0
-
cpe:2.3:a:crushftp:crushftp:10.5.1
-
cpe:2.3:a:crushftp:crushftp:6.1.0
-
cpe:2.3:a:crushftp:crushftp:6.2.0
-
cpe:2.3:a:crushftp:crushftp:6.3.0
-
cpe:2.3:a:crushftp:crushftp:6.4.0
-
cpe:2.3:a:crushftp:crushftp:6.5.0
-
cpe:2.3:a:crushftp:crushftp:7.0.0
-
cpe:2.3:a:crushftp:crushftp:7.1.0
-
cpe:2.3:a:crushftp:crushftp:7.2.0
-
cpe:2.3:a:crushftp:crushftp:7.3.0
-
cpe:2.3:a:crushftp:crushftp:7.4.0
-
cpe:2.3:a:crushftp:crushftp:7.5.0
-
cpe:2.3:a:crushftp:crushftp:7.6.0
-
cpe:2.3:a:crushftp:crushftp:7.7.0
-
cpe:2.3:a:crushftp:crushftp:7.8.0
-
cpe:2.3:a:crushftp:crushftp:8.0.2
-
cpe:2.3:a:crushftp:crushftp:8.0.3
-
cpe:2.3:a:crushftp:crushftp:8.0.4
-
cpe:2.3:a:crushftp:crushftp:8.1.0
-
cpe:2.3:a:crushftp:crushftp:8.2.0
-
cpe:2.3:a:crushftp:crushftp:8.2.1
-
cpe:2.3:a:crushftp:crushftp:8.3.0
-
cpe:2.3:a:crushftp:crushftp:8.3.1
-
cpe:2.3:a:crushftp:crushftp:8.3.2
-
cpe:2.3:a:crushftp:crushftp:8.3.3
-
cpe:2.3:a:crushftp:crushftp:9.0.0
-
cpe:2.3:a:crushftp:crushftp:9.1.0
-
cpe:2.3:a:crushftp:crushftp:9.2.0
-
cpe:2.3:a:crushftp:crushftp:9.3.0
-
cpe:2.3:a:crushftp:crushftp:9.3.2
-
cpe:2.3:a:crushftp:crushftp:9.4.0