Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product  – Source: www.securityweek.com

Enterprise technology vendor Progress Software on Thursday shipped patches for critical-level security flaws in its WS_FTP file transfer software, warning that a pre-authenticated attacker could wreak havoc on the underlying operating system.

An urgent bulletin from the Burlington, Mass. company documented at least eight security defects that could be exploited remotely and urged business customers to immediately upgrade to WS_FTP Server 2020.0.4 (8.7.4) and WS_FTP Server 2022.0.2 (8.8.2).

Progress Software said two of the vulnerabilities —  CVE-2023-40044 and CVE-2023-40045 — are rated critical because of the risk of pre-auth remote command execution attacks.

From the Progress Software bulletin:

• CVE-2023-40044 — In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. Critical — CVSS: 10/10.
• CVE-2023-42657 — In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered.  An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path.  Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system. Critical — CVSS: 9.9/10.

The company also called attention to a trio of high-severity bugs that could lead to reflected cross-site scripting (XSS) and SQL injection attacks.

Progress Software’s security response team has found itself scrambling to respond to a wave of debilitating ransomware attacks that exploited zero-day flaws in its MOVEit managed file transfer software produyt.

Earlier this year, the company rushed out patches to cover at least three critical vulnerabilities and announced plans to release regular service packs with a “predictable, simple and transparent process for product and security fixes.”

“We have heard from you that a regular cadence and predictable timeline will enable you to better plan your resources and make it easier to adopt new product updates and fixes. As a part of these Service Packs, we will also be optimizing the installation process to make the upgrade process simpler,” Progress said in a note posted with the first service pack.

Software vendors typically use a service pack to deliver a collection of updates, fixes, features or enhancements to an application.  Service packs are delivered in the form of a single installable package.

Related: Nearly 1,000 Org, 60M Individuals Impacted by MOVEit Hack

Related: MOVEit Customers Urged to Patch 3rd Critical Vulnerability

Related: Ransomware Group Naming Victims of MOVEit Zero-Days

Related: After Zero-Days, MOVEit Turns to Security Service Packs