Saturday, October 12, 2024
HomeCyber Security NewsProgress Software Warns of Critical Vulnerability in WS_FTP Server

Progress Software Warns of Critical Vulnerability in WS_FTP Server

Published on

Malware protection

Multiple vulnerabilities have been discovered in Progress’s WS_FTP, which include .NET deserialization, directory traversal, reflected cross-site scripting (XSS), SQL injection, stored cross-site scripting, cross-site request forgery, and unauthenticated user enumeration vulnerability.

These vulnerabilities’ severities range from 5.3 (Medium) to 10.0 (Critical). However, Progress has released patches for fixing these vulnerabilities in the WS_FTP server. 

Moreover, the MOVEit file transfer application, which was one of the most exploited applications by threat actors, is also owned by Progress.

- Advertisement - SIEM as a Service
Document
FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Technical Analysis

The most critical vulnerabilities were CVE-2023-40044 and CVE-2023-42657. CVE-2023-40044 was a .NET deserialization vulnerability that an attacker could exploit to execute remote commands on the WS_FTP Server operating system. This vulnerability had a severity of 10.0 (Critical).

CVE-2023-42657 was associated with a directory traversal vulnerability which threat actors can use to perform file operations like delete, rename, rmdir, mkdir on files and folders outside of the WS_FTP folder path.

High Severity Vulnerabilities

In addition to this, three high-severity vulnerabilities were discovered on the WS_FTP server, which were CVE-2023-40045, CVE-2023-40046, and CVE-2023-40047. CVE-2023-40045 and CVE-2023-40047 had a severity score of 8.3 (High) and were related to reflected cross-site scripting and stored reflected cross-site scripting.

CVE-2023-40046 was linked with a SQL injection vulnerability that threat actors can use for gathering information about the structure and contents of the SQL database. This vulnerability can also be used to execute SQL for altering or deleting the database elements. 

Medium Severity Vulnerabilities

As for the Medium severity vulnerabilities, CVE-2023-40048 (CSRF – 6.8 (Medium)), CVE-2023-27665 (Reflected XSS – 6.1 (Medium)) and CVE-2023-40049 (Unauthenticated user enumeration) were discovered.

A security advisory has been published by Progress, which provides detailed information about these vulnerabilities. 

Fixed in Version

Fixed VersionDocumentationRelease Notes
WS_FTP Server 2020.0.4 (8.7.4)Upgrade DocumentationWS_FTP Server 2020
WS_FTP Server 2022.0.2 (8.8.2)Upgrade DocumentationWS_FTP Server 2022

Users of the Progress WS_FTP server are recommended to upgrade to the latest version, 8.8.2 in order to fix these vulnerabilities from getting exploited by threat actors.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...