Security News > 2023 > September > Progress warns of maximum severity WS_FTP Server vulnerability

Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS FTP Server software.

The company says thousands of IT teams worldwide use its enterprise-grade WS FTP Server secure file transfer software.

Out of all WS FTP Server security flaws patched this week, two of them were rated as critical, with the one tracked as CVE-2023-40044 receiving a maximum 10/10 severity rating and allowing unauthenticated attackers to execute remote commands after successful exploitation of a.NET deserialization vulnerability in the Ad Hoc Transfer module.

The other critical bug is a directory traversal vulnerability that enables attackers to perform file operations outside the authorized WS FTP folder path.

"Attackers could also escape the context of the WS FTP Server file structure and perform the same level of operations on file and folder locations on the underlying operating system," Progress said.

"We have addressed the vulnerabilities above and the Progress WS FTP team strongly recommends performing an upgrade," Progress warned.

News URL

https://www.bleepingcomputer.com/news/security/progress-warns-of-maximum-severity-ws-ftp-server-vulnerability/