Progress Software Releases Urgent Patches to Fix WS_FTP Server Vulnerabilities – Source: heimdalsecurity.com

Progress Software, the developer behind the MOVEit Transfer file-sharing platform recently issued a patch for a maximum severity vulnerability in its WS_FTP Server software and advises users to deploy the patch quickly.

Details About the Vulnerabilities Discovered

According to an advisory published on Wednesday, the company disclosed multiple vulnerabilities impacting the software’s manager interface and Ad hoc Transfer Module.

Out of all the security flaws patched, two of them stand out in special, as they were rated as critical: CVE-2023-40044 and CVE-2023-42657.

CVE-2023-40044 has a CVSS score of 10.00, and if exploited it allows unauthenticated attackers to execute remote commands after successful exploitation of a .NET deserialization vulnerability in the Ad Hoc Transfer module.

The other critical vulnerability, CVE-2023-42657, is a directory traversal vulnerability that enables attackers to perform file operations outside the authorized WS_FTP folder path.

Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system,

Progress Software (Source)

Attackers can take advantage of both vulnerabilities in low-complexity assaults that don’t necessitate user participation, according to the company’s CVSS:3.1 assessment for them.

The following are the remaining issues that affect WS_FTP Server versions prior to 8.8.2:

• CVE-2023-40045 (CVSS score: 8.3) – A reflected cross-site scripting (XSS) vulnerability in the WS_FTP Server’s Ad Hoc Transfer module that could be exploited to execute arbitrary JavaScript within the context of the victim’s browser.
• CVE-2023-40047 (CVSS score: 8.3) – A stored cross-site scripting (XSS) vulnerability exists in the WS_FTP Server’s Management module that could be exploited by an attacker with admin privileges to import an SSL certificate with malicious attributes containing XSS payloads that could then be triggered in victim’s browser.
• CVE-2023-40046 (CVSS score: 8.2) – An SQL injection vulnerability in the WS_FTP Server manager interface that could be exploited to infer information stored in the database and execute SQL statements that alter or delete its contents.
• CVE-2023-40048 (CVSS score: 6.8) – A cross-site request forgery (CSRF) vulnerability in the WS_FTP Server Manager interface.
• CVE-2022-27665 (CVSS score: 6.1) – A reflected cross-site scripting (XSS) vulnerability in Progress Ipswitch WS_FTP Server 8.6.0 that can lead to execution of malicious code and commands on the client.
• CVE-2023-40049 (CVSS score: 5.3) – An authentication bypass vulnerability that allows users to enumerate files under the ‘WebServiceHost’ directory listing.

Progress strongly recommends its WS_FTP users to patch them. They’re also recommending upgrading to the most recent version which is 8.8.2

Upgrading to a patched release, using the full installer, is the only way to remediate this issue. There will be an outage to the system while the upgrade is running.

Progress Software (Source)

The company also shared information on how to disable or remove the vulnerable WS_FTP Server Ad Hoc Transfer Module if it’s not being used.

Progress is currently dealing with the effects of a significant number of data theft assaults that occurred after the Clop ransomware gang, commencing on May 27, exploited a zero-day vulnerability in the MOVEit Transfer secure file transfer platform.

The company is currently dealing with the effects of the widespread attack that began in May 2023 and targeted its MOVEit sharing secure file-sharing platform. It is believed that over 62 million people and over 2,100 organizations were affected.

If you want to keep up to date with everything we post, don’t forget to follow us on LinkedIn, Twitter, Facebook, and Youtube for more cybersecurity news and topics.