Headline
Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are impacted by the flaw. "In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a
Server Security / Vulnerability
Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface.
Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are impacted by the flaw.
“In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system,” the company said in an advisory.
Assetnote security researchers Shubham Shah and Sean Yeoh have been credited with discovering and reporting the vulnerability.
The list of remaining flaws, impacting WS_FTP Server versions prior to 8.8.2, is as follows -
- CVE-2023-42657 (CVSS score: 9.9) - A directory traversal vulnerability that could be exploited to perform file operations.
- CVE-2023-40045 (CVSS score: 8.3) - A reflected cross-site scripting (XSS) vulnerability in the WS_FTP Server’s Ad Hoc Transfer module that could be exploited to execute arbitrary JavaScript within the context of the victim’s browser.
- CVE-2023-40047 (CVSS score: 8.3) - A stored cross-site scripting (XSS) vulnerability exists in the WS_FTP Server’s Management module that could be exploited by an attacker with admin privileges to import an SSL certificate with malicious attributes containing XSS payloads that could then be triggered in victim’s browser.
- CVE-2023-40046 (CVSS score: 8.2) - An SQL injection vulnerability in the WS_FTP Server manager interface that could be exploited to infer information stored in the database and execute SQL statements that alter or delete its contents.
- CVE-2023-40048 (CVSS score: 6.8) - A cross-site request forgery (CSRF) vulnerability in the WS_FTP Server Manager interface.
- CVE-2022-27665 (CVSS score: 6.1) - A reflected cross-site scripting (XSS) vulnerability in Progress Ipswitch WS_FTP Server 8.6.0 that can lead to execution of malicious code and commands on the client.
- CVE-2023-40049 (CVSS score: 5.3) - An authentication bypass vulnerability that allows users to enumerate files under the ‘WebServiceHost’ directory listing.
With security flaws in Progress Software becoming an attractive target for ransomware groups like Cl0p, it’s essential that users move quickly to apply the latest patches to contain potential threats.
UPCOMING WEBINAR
Fight AI with AI — Battling Cyber Threats with Next-Gen AI Tools
Ready to tackle new AI-driven cybersecurity challenges? Join our insightful webinar with Zscaler to address the growing threat of generative AI in cybersecurity.
Supercharge Your Skills
The company, in the meanwhile, is still grappling with the fallout from the mass hack targeting its MOVEit Transfer secure file transfer platform since May 2023. More than 2,100 organizations and over 62 million individuals are estimated to have been impacted, according to Emsisoft.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Related news
Plus, Qakbot appears to be still active, despite efforts from the FBI and other international law enforcement agencies to disrupt the massive botnet.
This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WS_FTP server running the Ad Hoc Transfer module. All versions of WS_FTP Server prior to 2020.0.4 (version 8.7.4) and 2022.0.2 (version 8.8.2) are vulnerable to this issue. The vulnerability was originally discovered by AssetNote.
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.