Progress Software has released hotfixes for its WS_FTP Server product to address a critical security vulnerability [3]. This flaw, tracked as CVE-2023-40044, carries a CVSS score of 10.0, the maximum severity rating [5]. It affects the WS_FTP Server Ad Hoc Transfer Module and the WS_FTP Server manager interface [5].

Description

The vulnerability allows an unauthenticated, remote attacker to exploit a .NET deserialization flaw in the Ad Hoc Transfer Module and execute commands on the operating system underlying the WS_FTP Server [2] [3] [4]. This amounts to pre-authentication remote code execution (RCE) requiring no user interaction [1]. Additionally, a directory traversal flaw, tracked as CVE-2023-42657, enables unauthorized file operations [1]: an attacker can operate on files and folders outside of their authorized WS_FTP folder path, or on the underlying operating system itself [3].
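The property the directory traversal flaw above violates is that every client-supplied path must resolve to a location inside the user's authorized folder. As an added example (not Progress Software's code), the following check enforces that containment on the server side; the root path, the folder layout and the request strings are constructed for illustration.

```python
import posixpath
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed example: one user's authorized folder (hypothetical layout,
# not WS_FTP's real directory structure).
AUTHORIZED_ROOT = "/srv/ftp/users/alice"


class TraversalError(ValueError):
    """Raised when a requested path would escape the authorized folder."""


def resolve_within(root: str, requested: str) -> str:
    """Map a client-supplied relative path onto the authorized root.

    Rejects absolute paths, '..' escapes (including percent-encoded and
    backslash variants) and sibling-prefix confusion, e.g. a root of
    /srv/ftp/users/alice must not accept /srv/ftp/users/alice2.
    This is a string-level check; a real server must additionally resolve
    symlinks (e.g. os.path.realpath) before touching the filesystem.
    """
    root = posixpath.normpath(root)
    # Treat backslashes as separators so 'a\\..\\b' cannot slip past normpath.
    candidate = requested.replace("\\", "/")
    # Decode one layer of percent-encoding (%2e%2e%2f style).
    candidate = unquote(candidate)
    if posixpath.isabs(candidate):
        raise TraversalError(f"absolute path not allowed: {requested!r}")
    joined = posixpath.normpath(posixpath.join(root, candidate))
    # Containment: exactly the root, or strictly below root + '/'.
    if joined != root and not joined.startswith(root + "/"):
        raise TraversalError(f"path escapes authorized folder: {requested!r}")
    return joined


def check_requests(root: str, paths: List[str]) -> Dict[str, Optional[str]]:
    """Return the resolved path per request, or None where it was refused."""
    results: Dict[str, Optional[str]] = {}
    for p in paths:
        try:
            results[p] = resolve_within(root, p)
        except TraversalError:
            results[p] = None
    return results
```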

Progress Software has remediated these vulnerabilities and recommends upgrading to the latest version (8.8.2) to mitigate the risks. Note that the upgrade requires a system outage. The company has not observed any exploit activity targeting these vulnerabilities [1]. More information is available on the Progress Software website [4].

Conclusion

The hotfixes released by Progress Software address the critical security vulnerability in its WS_FTP Server product. By upgrading to the latest version [2] [4], users can mitigate the risks associated with both the .NET deserialization vulnerability and the directory traversal flaw. Although the upgrade may cause a system outage, it is necessary to secure the WS_FTP Server. Progress Software has not detected any exploit activity targeting these vulnerabilities. For further details, refer to the Progress Software website [4].

References

[1] https://www.darkreading.com/cloud/moveit-progress-critical-bug-wsftp-software
[2] https://www.infosecurity-magazine.com/news/moveit-patches-critical-file/
[3] https://www.criticalinsight.com/vulnerabilities/cve-2023-40044-42657-critical-rce-vulnerability
[4] https://www.csa.gov.sg/alerts-advisories/alerts/2023/al-2023-125
[5] https://www.cyberevive.com/2023/09/29/progress-software-releases-urgent-hotfixes-for-multiple-security-flaws-in-wsftp-server/