overview

Two critical vulnerabilities have been found in Progress Software’s WS_FTP Server secure file transfer software. The vulnerabilities are being tracked as CVE-2023-40044 and CVE-2023-42657. The first vulnerability, CVE-2023-40044, has a CVSS score of 10 and allows attackers to execute remote commands following the successful exploitation of a .NET deserialization vulnerability within the Ad Hoc Transfer module. If successful, an attacker could ultimately gain control of a system.  

The second vulnerability, CVE-2023-42657, is a directory traversal vulnerability with a CVSS score of 9.9. This bug could allow attackers to perform file operations (delete, rename, rmdir, mkdir) beyond the authorized WS_FTP folder path. Also, attackers could evade the context of the WS_FTP Server's file structure, allowing them to execute the same actions such as deleting, renaming, managing directories, and creating directories on the underlying operating system.  

Progress Software has rated both vulnerabilities with a CVSS:3.1 rating, indicating that attackers can exploit them with low-complexity attacks that do not require user interaction. Progress Software has also patched six other less severe vulnerabilities within their software’s manager interface and Ad hoc Transfer Module. You may find more information on those vulnerabilities in their security bulletin 

Because thousands of IT teams across the world use the secure file transfer software, Avertium recommends that all users upgrade to the latest version of the WS_FTP Server software as soon as possible.  

 

 

avertium's recommendationS

  • Progress has addressed both CVE-2023-40044 and CVE-2023-42657. The company recommends that upgrading to the following fixed versions: 
    • WS_FTP Server 2020.0.4 (8.7.4) 
    • WS_FTP Server 2022.0.2 (8.8.2). 
  • The company also stated that upgrading to a patched release, using the full installer, is the only way to remediate this issue. There will be an outage to the system while the upgrade is running. 
  • If you need to confirm your current version of WS_FTP, you can follow the instructions in Progress Software’s knowledge base article 
  • Please see Progress Software’s security bulletin for patch guidance.  
  • Note: We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-40044 and CVE-2023-42657. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Avertium offers Vulnerability Management (VM) to provide a deeper understanding and control over organizational information security risks.  If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap.  
  • Fusion MXDR for Microsoft combines Avertium's Fusion MXDR approach with Microsoft Security Solutions, creating the first MDR offering that integrates all aspects of security operations into an active and threat-informed XDR solution. Leveraging Microsoft's comprehensive and cost-effective technology, Fusion MXDR for Microsoft delivers a release of cyber energy, encompassing implementation, optimization, ongoing management, and tuning. 








SUPPORTING DOCUMENTATION

WS_FTP Server Critical Vulnerability - (September 2023) - Progress Community 

Progress warns of maximum severity WS_FTP Server vulnerability (bleepingcomputer.com) 

Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product  - SecurityWeek 
Chat With One of Our Experts



Cisco Vulnerabilities Flash Notice Cisco Critical Vulnerability High-Severity Vulnerability Blog