10.04.2023

WS_FTP Vulnerability Notice

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 10/4/2023

Action Level - Critical

Description

As part of our Edgeguard service, MCNC would like to make you aware of new threats affecting WS_FTP Server versions prior to 8.7.4 and 8.8.2. The first exploit, tracked as CVE-2023-40044, is believed to allow remote code execution. The second CVE, CVE-2023-42657, is a directory traversal vulnerability that could allow an attacker to read sensitive files and information from the filesystem.


Due to the nature and critical severity of these vulnerabilities, and their ability to impact file transfer server devices that are internal to your network, MCNC recommends patching these vulnerabilities as soon as possible.

Full information including affected versions and remediation steps can be on the Progress website for the CVE. 

Affected Device

  • WS_FTP Server versions prior to 8.7.4 and 8.8.2

Attack Vector

All versions of WS_FTP Server with the Ad Hoc Module installed. 

Attack Feasibility

Currently there is a proof of concept performed by Shubham Shah who discovered the vulnerability. The attacker only needs to feed the WS_FTP data so that when it deserializes it the remote code is then executed. 

Mitigations

The vulnerability requires the Ad Hoc Module to be exploited, therefore, disabling the Ad Hoc Transfer Module will mitigate it until you are able to update. Here is a link on how to do this.  

Remediation

The remediation for this vulnerability is to update to the latest WS_FTP Server version 8.7.4 or 8.8.2. The steps for updating as well as a link to the download can be found here under Solution. If you’re unable to update then please follow the steps for mitigation.

<-- Return to Cybersecurity Alerts...

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • twitter
  • facebook
  • youtube
© 2023 MCNC