Fortra Addresses Critical Security Flaw in FileCatalyst Solution

Fortra has addressed a critical security flaw in its FileCatalyst file transfer solution, identified as CVE-2024-25153, which could have allowed unauthenticated attackers to execute remote code on vulnerable servers.

The vulnerability stemmed from a directory traversal issue within the ‘ftpservlet’ component of the FileCatalyst Workflow Web Portal. Attackers could exploit this flaw by crafting a POST request to upload files outside of the designated ‘uploadtemp’ directory. Once uploaded, specially crafted JSP files could be used to execute arbitrary code, including the deployment of web shells. This flaw, assigned a CVSS score of 9.8 out of 10, was discovered and reported by security researcher Tom Wedgbury of LRQA Nettitude. Fortra promptly addressed the issue in FileCatalyst Workflow version 5.1.6 Build 114, released on August 11, 2023, although initially without a CVE identifier. Fortra became a CVE Numbering Authority (CNA) in December 2023.
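The class of bug described above comes down to a missing containment check on a client-supplied upload path. The following is an added example, not Fortra's code or its actual fix, showing one way a Java upload handler can confine writes to its upload directory; the class name, method name, directory layout and sample paths are all constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class UploadPathCheck {

    /** Resolve a client-supplied relative path under baseDir; throw if it escapes. */
    static Path resolveInside(Path baseDir, String clientPath) throws IOException {
        Path base = baseDir.toRealPath();            // canonical base, symlinks resolved
        Path candidate;
        try {
            // An absolute clientPath replaces base here and fails the check below.
            candidate = base.resolve(clientPath).normalize();   // collapses "." and ".."
        } catch (InvalidPathException e) {
            throw new SecurityException("malformed upload path");
        }
        // Path.startsWith compares whole name elements, so a sibling such as
        // "uploadtemp_old" is not mistaken for "uploadtemp" (a String prefix test would be).
        if (!candidate.startsWith(base) || candidate.equals(base)) {
            throw new SecurityException("path not inside upload directory");
        }
        // If the parent already exists, resolve symlinks and check containment again.
        Path parent = candidate.getParent();
        if (Files.exists(parent) && !parent.toRealPath().startsWith(base)) {
            throw new SecurityException("symlinked parent escapes upload directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout and request paths, for illustration only.
        Path root = Files.createTempDirectory("fc-demo").toRealPath();
        Path base = Files.createDirectory(root.resolve("uploadtemp"));
        Files.createDirectory(root.resolve("uploadtemp_old"));
        String[] samples = {
            "session1/report.pdf", "../../page.jsp", "session1/../../page.jsp",
            "../uploadtemp_old/a.txt", root.resolve("page.jsp").toString()
        };
        for (String s : samples) {
            try {
                System.out.println("ACCEPT " + base.relativize(resolveInside(base, s)));
            } catch (SecurityException e) {
                System.out.println("REJECT " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first sample is accepted. Keeping the upload directory outside any location the servlet container serves or compiles JSPs from is a separate control that limits the impact if a check like this is ever bypassed.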

Furthermore, Fortra resolved two other security vulnerabilities in FileCatalyst Direct in January 2024, identified as CVE-2024-25154 and CVE-2024-25155. These vulnerabilities could have led to information leakage and code execution, posing additional risks to users.

Given the growing threat landscape, and in particular the previous exploitation of Fortra GoAnywhere managed file transfer (MFT) solutions by threat actors like Cl0p, users are strongly advised to apply the necessary updates promptly. Failure to do so could leave systems susceptible to exploitation. Security updates are crucial in mitigating potential threats and safeguarding against unauthorized access or data breaches. Given the severity of these vulnerabilities and their potential impact on system integrity and data confidentiality, users are urged to prioritize security patches and adhere to best practices in maintaining secure file transfer solutions.

By staying vigilant and proactive in applying security measures, organizations can reduce the risk of exploitation and ensure the protection of sensitive data during file transfers.