Get in Touch
Indiscriminate, opportunistic targeting.
Two critical WinSock File Transfer Protocol (WS_FTP) vulnerabilities have been discovered in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. The flaws, tracked as CVE-2023-40044 and CVE-2023-42657, have received CVSSv3 scores of 10.0 and 9.8, respectively.
- Successful exploitation of CVE-2023-40044 could allow a pre-authenticated threat actor to leverage a .NET deserialisation flaw in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
- Successful exploitation of CVE-2023-42657 could allow a threat actor to perform file operations on files and folders outside of their authorised WS_FTP folder path.
A security patch for these vulnerabilities has been released. Previous product versions therefore remain vulnerable to potential exploitation.
WS_FTP Server versions prior to 8.7.4 and 8.8.2.
Containment, Mitigations & Remediations
It is strongly recommended that users apply the WS_FTP version 8.8.2 as a matter of urgency. The recommended steps, as well as the required installer can be found within the Progress Security Advisory.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
WS_FTP occupies a significant portion of the file transfer software market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, it is possible that such products will become a prime target for threat actors. Due to the fact that file transfer software has become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to exfiltrate sensitive data and to achieve further objectives.
No attribution to specific threat actors or groups has been identified at the time of writing.
TA0002 – Execution
CVE-2023-42657 (Common Weakness Enumeration):
CWE-22 – Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)