Progress Software, has issued a patch for a maximum severity vulnerability in its WS_FTP Server software and advises users to deploy the patch quickly.
During this week, Progress have disclosed multiple vulnerabilities impacting the software’s manager interface and Ad hoc Transfer Module.
Out of all the security flaws patched, two of them stand out in special, as they were rated as critical: CVE-2023-40044 and CVE-2023-42657.
CVE-2023-40044 has a CVSS score of 10, and if exploited it allows unauthenticated attackers to execute remote commands after successful exploitation of a .NET deserialization vulnerability in the Ad Hoc Transfer module.
CVE-2023-42657, is a directory traversal vulnerability that enables attackers to perform file operations outside the authorized WS_FTP folder path.
Attackers can take advantage of both vulnerabilities in low-complexity assaults that don’t requires users interaction.
The following are the remaining issues that affect WS_FTP Server versions prior to 8.8.2:
- CVE-2023-40045 (CVSS score: 8.3) – A reflected cross-site scripting (XSS) vulnerability in the WS_FTP Server’s Ad Hoc Transfer module that could be exploited to execute arbitrary JavaScript within the context of the victim’s browser.
- CVE-2023-40047 (CVSS score: 8.3) – A stored cross-site scripting (XSS) vulnerability exists in the WS_FTP Server’s Management module that could be exploited by an attacker with admin privileges to import an SSL certificate with malicious attributes containing XSS payloads that could then be triggered in victim’s browser.
- CVE-2023-40046 (CVSS score: 8.2) – An SQL injection vulnerability in the WS_FTP Server manager interface that could be exploited to infer information stored in the database and execute SQL statements that alter or delete its contents.
- CVE-2023-40048 (CVSS score: 6.8) – A cross-site request forgery (CSRF) vulnerability in the WS_FTP Server Manager interface.
- CVE-2022-27665 (CVSS score: 6.1) – A reflected cross-site scripting (XSS) vulnerability in Progress Ipswitch WS_FTP Server 8.6.0 that can lead to execution of malicious code and commands on the client.
- CVE-2023-40049 (CVSS score: 5.3) – An authentication bypass vulnerability that allows users to enumerate files under the ‘WebServiceHost’ directory listing.
Progress strongly recommends its WS_FTP users to patch them. They’re also recommend upgrading to the most recent version which is 8.8.2
Progress also shared information on how to disable or remove the vulnerable WS_FTP Server Ad Hoc Transfer Module if it’s not being used.
