Critical Vulnerability in Fortra FileCatalyst Workflow
Summary
The security update addresses a critical vulnerability affecting FileCatalyst Workflow that could lead to remote code execution
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Fortra has released a security update addressing a critical vulnerability found in the FileCatalyst Workflow portal. The vulnerability was initially reported in August 2023 and has now been fully disclosed by Fortra.
FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks.
The vulnerability, assigned CVE-2024-25153, is an external control of assumed-immutable web parameter vulnerability. An attacker could exploit it to achieve remote code execution by uploading a specially crafted file to the FileCatalyst Workflow portal.
Proof-of-concept available for CVE-2024-25153
Proof-of-concept code for vulnerability CVE-2024-0204 has been made publicly available, which increases the likelihood of exploitation.
Remediation advice
Affected organisations are encouraged to review the Fortra Advisory FI-2024-002 and apply the necessary updates.
Definitive source of threat updates
Last edited: 18 March 2024 3:51 pm