diff --git a/CrushFTP_as2-to_Authentication_Permission_bypass_Vulnerability.md b/CrushFTP_as2-to_Authentication_Permission_bypass_Vulnerability.md new file mode 100644 index 0000000..9e48352 --- /dev/null +++ b/CrushFTP_as2-to_Authentication_Permission_bypass_Vulnerability.md @@ -0,0 +1,12 @@ +## CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177) + +| **Vulnerability** | CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177) | +| :----: | :-----| +| **Chinese name** | CrushFTP as2-to 认证权限绕过漏洞(CVE-2023-43177) | +| **CVSS core** | 9.8 | +| **FOFA Query** (click to view the results directly)| [app="crushftp-WebInterface""](https://en.fofa.info/result?qbase64=c2VydmVyPSJDcnVzaEZUUCIgfHwgaGVhZGVyPSIvV2ViSW50ZXJmYWNlL2xvZ2luLmh0bWwiIHx8IGJhbm5lcj0iL1dlYkludGVyZmFjZS9sb2dpbi5odG1sIiB8fCBoZWFkZXI9Ii9XZWJJbnRlcmZhY2UvdzNjL3AzcC54bWwiIHx8IGJhbm5lcj0iL1dlYkludGVyZmFjZS93M2MvcDNwLnhtbCIgfHwgdGl0bGU9IkNydXNoRlRQIg%3D%3D) | +| **Number of assets affected** | 38695 | +| **Description** | CrushFTP is a powerful file transfer server suitable for secure and efficient file transfer and management for individual or enterprise users.CrashFTP has a permission bypass vulnerability, where attackers can bypass system permission control by constructing malicious as2 to request authentication, achieving arbitrary execution of malicious operations such as file read and delete. | +| **Impact** | CrashFTP has a permission bypass vulnerability, where attackers can bypass system permission control by constructing malicious as2 to request authentication, achieving arbitrary execution of malicious operations such as file read and delete. | + +![](https://s3.bmp.ovh/imgs/2023/11/30/8d49b65293d87b3a.gif)
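Review bot: The Description and Impact rows spell the product "CrashFTP" while the heading and the Vulnerability row say "CrushFTP", and both rows write "as2 to" where the title names the header as "as2-to"; use one spelling throughout so the entry can be found by product and header name. In the FOFA Query row the link label `app="crushftp-WebInterface""` ends with a doubled quote, and the "CVSS core" label should read "CVSS score". The Impact row repeats the second sentence of Description word for word, so either drop it from Description or make Impact say something the Description does not. The entry also gives no affected versions, fixed version or vendor advisory link; adding rows for those would let a reader check exposure and remediate without leaving the page.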