Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server

We Keep you Connected

Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server

Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface.
Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are impacted by the flaw.
“In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system,” the company said in an advisory.
Assetnote security researchers Shubham Shah and Sean Yeoh have been credited with discovering and reporting the vulnerability.
The list of remaining flaws, impacting WS_FTP Server versions prior to 8.8.2, is as follows –
With security flaws in Progress Software becoming an attractive target for ransomware groups like Cl0p, it’s essential that users move quickly to apply the latest patches to contain potential threats.
The company, in the meanwhile, is still grappling with the fallout from the mass hack targeting its MOVEit Transfer secure file transfer platform since May 2023. More than 2,100 organizations and over 62 million individuals are estimated to have been impacted, according to Emsisoft.
Cybersecurity firm Rapid7 said it has observed “multiple instances of WS_FTP exploitation in the wild” as part of what it said is likely an opportunistic campaign, making it imperative that users move quickly to apply the fixes.
“This vulnerability turned out to be relatively straightforward and represented a typical .NET deserialization issue that led to RCE,” Assetnote said in an advisory for CVE-2023-40044. “It’s surprising that this bug has stayed alive for so long, with the vendor stating that most versions of WS_FTP are vulnerable.”
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.

source

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE