Security News > 2023 > October > Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)
Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities in WS FTP Server, another popular secure file transfer solution.
CVE-2023-40044 is a.NET deserialization vulnerability that could allow an unauthenticated threat actor to execute remote commands on the underlying WS FTP Server operating system, and can be exploited via a HTTPS POST request.
CVE-2023-42657 is a directory traversal vulnerability that could allow a threat actor to perform file operations on files and folders outside of their authorized WS FTP folder path.
If updating is impossible, the risk of exploitation can be mitigated by removing or disabling the WS FTP Server Ad hoc Transfer Module.
NET deserialization issue that led to RCE. It's surprising that this bug has stayed alive for so long, with the vendor stating that most versions of WS FTP are vulnerable," explained Assetnote researchers, who discovered and reported the vulnerability.
Among them is also a reflected cross-site scripting vulnerability in the Ad Hoc Transfer module, which could be exploited to target WS FTP Server users with a specialized payload to execute malicious JavaScript within the context of the victim's browser.
News URL
https://www.helpnetsecurity.com/2023/10/02/cve-2023-40044/
Related news
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-42657 | Path Traversal vulnerability in Progress WS FTP Server In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system. | 9.6 |
| 2023-09-27 | CVE-2023-40044 | Deserialization of Untrusted Data vulnerability in Progress WS FTP Server In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | 8.8 |