Critical vulnerabilities addressed in WS_FTP Server by Progress Software
The implications of remediating vulnerabilities and recommended mitigation measures
Progress Software has resolved two critical vulnerabilities in WS_FTP Server that allowed unauthenticated attackers to execute commands remotely. Users are advised to update to a fixed version or to disable the ad hoc transfer feature.
Progress Software, the company behind the MOVEit tool, recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer tool.
Exploits in the wild for CVE-2023-40044
Proof-of-concept code for CVE-2023-40044 has been available since Friday, and Rapid7 researchers have observed several cases of in-the-wild exploitation of WS_FTP Server, involving two different attack chains.
The exploited vulnerability and the update (CVE-2023-40044)
CVE-2023-40044 is a .NET deserialization vulnerability that could allow an unauthenticated attacker to execute commands remotely on the operating system underlying WS_FTP Server; it can be exploited via an HTTPS POST request.
Strong upgrade recommendation
The vulnerability affects all versions prior to 8.7.4 and 8.8.2, and updating to those releases is strongly recommended. Progress added that, where an upgrade is not possible, the risk of exploitation can be mitigated by removing or disabling the WS_FTP Server ad hoc transfer module.
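A small triage helper for the advisory above, added here as an example (it is not code from Progress Software). It treats 8.7.4 and 8.8.2 as the fixed releases of two parallel maintenance branches, which is this example's reading of the advisory, and maps each installed version to the recommended action.

```python
"""Check WS_FTP Server version strings against the fixed releases from the advisory."""
from __future__ import annotations

# Fixed releases named in the advisory: 8.7.4 for the 8.7 branch, 8.8.2 for the 8.8 branch.
# Treating them as two parallel branches is an assumption of this example.
FIXED_RELEASES = {(8, 7): (8, 7, 4), (8, 8): (8, 8, 2)}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '8.8.1' into (8, 8, 1); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True if this version still carries CVE-2023-40044 / CVE-2023-42657.

    Rules derived from the advisory text:
    - 8.8.x is fixed from 8.8.2 onward;
    - 8.7.x is fixed from 8.7.4 onward;
    - anything older than the 8.7 branch predates both fixes and is affected.
    """
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_RELEASES:
        return v < FIXED_RELEASES[branch]
    # Older branches are affected; later branches (8.9+) are beyond both fixed releases.
    return v < (8, 7)


def triage(versions: list[str]) -> dict[str, str]:
    """Map each host's version to the action the advisory recommends."""
    result = {}
    for ver in versions:
        if is_affected(ver):
            # Branches older than 8.7 have no in-branch fix, so point them at 8.8.2.
            target = FIXED_RELEASES.get(parse_version(ver)[:2], (8, 8, 2))
            result[ver] = f"upgrade to {'.'.join(map(str, target))} or disable ad hoc transfer"
        else:
            result[ver] = "fixed"
    return result


if __name__ == "__main__":
    # Constructed inventory of version strings, not real hosts.
    for ver, action in triage(["8.6.0", "8.7.3", "8.7.4", "8.8.1", "8.8.2"]).items():
        print(ver, "->", action)
```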
10/02/2023 11:32
Editorial AI