Friday, June 14, 2024

Progress Software Warns of Critical Vulnerability in WS_FTP Server

Multiple vulnerabilities have been discovered in Progress’s WS_FTP, which include .NET deserialization, directory traversal, reflected cross-site scripting (XSS), SQL injection, stored cross-site scripting, cross-site request forgery, and unauthenticated user enumeration vulnerability.

These vulnerabilities’ severities range from 5.3 (Medium) to 10.0 (Critical). However, Progress has released patches for fixing these vulnerabilities in the WS_FTP server. 

Moreover, the MOVEit file transfer application, which was one of the most exploited applications by threat actors, is also owned by Progress.

Document
FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Technical Analysis

The most critical vulnerabilities were CVE-2023-40044 and CVE-2023-42657. CVE-2023-40044 was a .NET deserialization vulnerability that an attacker could exploit to execute remote commands on the WS_FTP Server operating system. This vulnerability had a severity of 10.0 (Critical).

CVE-2023-42657 was associated with a directory traversal vulnerability which threat actors can use to perform file operations like delete, rename, rmdir, mkdir on files and folders outside of the WS_FTP folder path.

High Severity Vulnerabilities

In addition to this, three high-severity vulnerabilities were discovered on the WS_FTP server, which were CVE-2023-40045, CVE-2023-40046, and CVE-2023-40047. CVE-2023-40045 and CVE-2023-40047 had a severity score of 8.3 (High) and were related to reflected cross-site scripting and stored reflected cross-site scripting.

CVE-2023-40046 was linked with a SQL injection vulnerability that threat actors can use for gathering information about the structure and contents of the SQL database. This vulnerability can also be used to execute SQL for altering or deleting the database elements. 

Medium Severity Vulnerabilities

As for the Medium severity vulnerabilities, CVE-2023-40048 (CSRF – 6.8 (Medium)), CVE-2023-27665 (Reflected XSS – 6.1 (Medium)) and CVE-2023-40049 (Unauthenticated user enumeration) were discovered.

A security advisory has been published by Progress, which provides detailed information about these vulnerabilities. 

Fixed in Version

Fixed VersionDocumentationRelease Notes
WS_FTP Server 2020.0.4 (8.7.4)Upgrade DocumentationWS_FTP Server 2020
WS_FTP Server 2022.0.2 (8.8.2)Upgrade DocumentationWS_FTP Server 2022

Users of the Progress WS_FTP server are recommended to upgrade to the latest version, 8.8.2 in order to fix these vulnerabilities from getting exploited by threat actors.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.

Website

Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles