The Progress community has informed us that it has identified several vulnerabilities affecting both the WS_FTP Server Ad Hoc Transfer Module and the WS_FTP Server manager interface. These vulnerabilities are reported to impact all versions of WS_FTP Server. In response, the Progress community has taken proactive measures to address these issues and has released hotfixes for customers to apply and patch these vulnerabilities.
In its disclosure, the Progress community stated that:
“We have addressed these issues and have made version-specific hotfixes available for customers to remediate them. If your version is no longer supported as part of the WS_FTP Product Lifecycle, you should upgrade to a supported and fixed version.”
A total of eight vulnerabilities were reported in the disclosed hotfixes: two critical, three high, and three medium.
The vulnerabilities remediated are the following:
Deserialization Vulnerability (CVE-2023-40044) (Critical):
Discovered in WS_FTP Server versions 8.7.4 and 8.8.2, with a CVSS score of 10. A pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute commands remotely on the server's operating system.
Directory Traversal (CVE-2023-42657) (Critical):
With a CVSS score of 9.9, this vulnerability is said to affect WS_FTP Server versions prior to 8.7.4 and 8.8.2. It could enable a threat actor to perform a series of malicious operations (delete, rename, rmdir, mkdir) on files or folders outside their authorized WS_FTP folder path.
Reflected Cross-Site Scripting (CVE-2023-40045) (High):
SQL Injection Vulnerability (CVE-2023-4046) (High):
Affected versions of WS_FTP Server include those prior to 8.7.4 and 8.8.2. The vulnerability, which has a CVSS score of 8.2, is said to impact the WS_FTP Server manager interface, enabling an attacker to infer information about the structure and contents of the database and then execute SQL commands.
Stored Cross-Site Scripting (CVE-2023-40047) (High):
This vulnerability is found in the WS_FTP Server management module of versions prior to 8.8.2 and has a CVSS score of 8.3. An attacker with administrative privileges could import an SSL certificate whose attributes contain cross-site scripting payloads. Once the payload is stored, the attacker could leverage the vulnerability to target server administrators.
Cross-Site Request Forgery (CSRF) (CVE-2023-40048) (Medium):
WS_FTP Server versions prior to 8.8.2 are affected; the issue was detected in a POST transaction corresponding to a server administrative function. The CVSS score is 6.8.
Reflected XSS (CVE-2022-27665) (Medium):
This vulnerability was found in Progress Ipswitch WS_FTP Server 8.6.0 and results in malicious code and command execution on the client due to improper handling of user-provided input. A malicious payload injected by the attacker into the subdirectory search bar allows the execution of client-side commands. The vulnerability has a CVSS score of 6.1.
Unauthenticated User (CVE-2023-40049) (Medium):
Allows an unauthenticated user to enumerate files under the “WebServiceHost” directory listing.
Security updates have been provided by the Progress community, and users are advised to log into the Download Center using their Progress ID credentials. For more details, refer to the official Progress Community website.
Please let us know your thoughts in the comment section.