Progress WS_FTP Server Security Vulnerabilities: What You Need to Know

CVE-2023-40044

Progress WS_FTP Server is a popular FTP server software solution that is used by businesses and organizations of all sizes to securely store, share, and transfer files. However, recent security vulnerabilities discovered in the software could allow attackers to compromise WS_FTP Server systems and gain access to sensitive data.

CVE-2023-40044

Critical Vulnerabilities

Two of the most critical vulnerabilities discovered in the WS_FTP Server are CVE-2023-40044 and CVE-2023-42657. CVE-2023-40044 (CVSS: 10) is a pre-authenticated remote command execution vulnerability that could allow an attacker to execute arbitrary code on the underlying WS_FTP Server operating system. CVE-2023-42657 (CVSS: 9.9) is a directory traversal vulnerability that could allow an attacker to access and modify files and folders outside of the WS_FTP Server file structure.

High Vulnerabilities

In addition to the critical vulnerabilities, there are also several high-severity vulnerabilities that have been discovered in WS_FTP Server. These vulnerabilities include:

  • CVE-2023-40045 (CVSS: 8.3): Reflected cross-site scripting (XSS) vulnerability in WS_FTP Server’s Ad Hoc Transfer module
  • CVE-2023-40046 (CVSS: 8.2): SQL injection vulnerability in the WS_FTP Server manager interface
  • CVE-2023-40047 (CVSS: 8.3): Stored cross-site scripting (XSS) vulnerability in WS_FTP Server’s Management module

Medium Vulnerabilities

There are also two medium-severity vulnerabilities that have been discovered in WS_FTP Server:

  • CVE-2023-40048 (CVSS: 6.8 ): Missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function
  • CVE-2022-27665 (CVSS: 6.1): Reflected cross-site scripting (XSS) vulnerability in Progress Ipswitch WS_FTP Server 8.6.0
  • CVE-2023-40049 (CVSS: 5.3): File Enumeration Vulnerability

What to Do

If you are using WS_FTP Server, it is important to update to the latest version of the software as soon as possible to mitigate these security vulnerabilities. Progress has released hotfixes for all of the affected versions of WS_FTP Server.

In addition to updating your software, you should also implement other security measures to protect your WS_FTP Server system, such as:

  • Using strong passwords for all WS_FTP Server users
  • Implementing strong access control policies
  • Keeping your WS_FTP Server system up to date with the latest security patches
  • Regularly backing up your data

By following these security best practices, you can help to protect your WS_FTP Server system from attack.