Security News > 2023 > October > Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)
Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities in WS FTP Server, another popular secure file transfer solution.
CVE-2023-40044 is a.NET deserialization vulnerability that could allow an unauthenticated threat actor to execute remote commands on the underlying WS FTP Server operating system, and can be exploited via a HTTPS POST request.
CVE-2023-42657 is a directory traversal vulnerability that could allow a threat actor to perform file operations on files and folders outside of their authorized WS FTP folder path.
If updating is impossible, the risk of exploitation can be mitigated by removing or disabling the WS FTP Server Ad hoc Transfer Module.
NET deserialization issue that led to RCE. It's surprising that this bug has stayed alive for so long, with the vendor stating that most versions of WS FTP are vulnerable," explained Assetnote researchers, who discovered and reported the vulnerability.
Among them is also a reflected cross-site scripting vulnerability in the Ad Hoc Transfer module, which could be exploited to target WS FTP Server users with a specialized payload to execute malicious JavaScript within the context of the victim's browser.
News URL
https://www.helpnetsecurity.com/2023/10/02/cve-2023-40044/
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (source)
- Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-27 | CVE-2023-42657 | Path Traversal vulnerability in Progress WS FTP Server In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system. | 9.6 |
2023-09-27 | CVE-2023-40044 | Deserialization of Untrusted Data vulnerability in Progress WS FTP Server In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | 8.8 |