First published: Fri Nov 17 2023(Updated: )
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.
|Affected Software||Affected Version||How to fix|
|CrushFTP CrushFTP enterprise suite||=10.5.2|
CVE-2023-43177 is a vulnerability in CrushFTP prior to version 10.5.1 that allows for improperly controlled modification of dynamically-determined object attributes.
CVE-2023-43177 has a severity level of critical.
CrushFTP enterprise suite version 10.5.2 and prior versions are affected by CVE-2023-43177.
To fix CVE-2023-43177, it is recommended to update CrushFTP to version 10.5.2 or later.
You can find more information about CVE-2023-43177 at the following references: [Reference 1](https://github.com/the-emmons/CVE-Disclosures/blob/main/Pending/CrushFTP-2023-1.md) and [Reference 2](https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/).