Critical WinSock File Transfer Protocol flaws discovered

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Two critical WinSock File Transfer Protocol (WS_FTP) vulnerabilities have been discovered in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. The flaws, tracked as CVE-2023-40044 and CVE-2023-42657, have received CVSSv3 scores of 10.0 and 9.8, respectively.

Impact

  • Successful exploitation of CVE-2023-40044 could allow a pre-authenticated threat actor to leverage a .NET deserialisation flaw in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
  • Successful exploitation of CVE-2023-42657 could allow a threat actor to perform file operations on files and folders outside of their authorised WS_FTP folder path.

Vulnerability Detection

A security patch for these vulnerabilities has been released. Previous product versions therefore remain vulnerable to potential exploitation.

Affected Products

WS_FTP Server versions prior to 8.7.4 and 8.8.2.
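The version boundary above can be applied to an asset inventory. The following is an added example, not code from the bulletin or from Progress. It assumes that 8.7.4 and 8.8.2 are the fixed releases of the 8.7 and 8.8 branches, that any older branch is affected, and that later branches are not; the host names and version strings are constructed sample data.

```python
import re

# Fixed releases named in the bulletin, keyed by (major, minor) branch.
FIXED = {(8, 7): (8, 7, 4), (8, 8): (8, 8, 2)}
OLDEST_FIXED_BRANCH = min(FIXED)

# Constructed sample inventory: (host, reported WS_FTP Server version).
SAMPLE_INVENTORY = [
    ("ftp-edge-01", "8.7.3"),
    ("ftp-edge-02", "8.7.4"),
    ("ftp-int-01", "8.8.1"),
    ("ftp-int-02", "8.8.2"),
    ("ftp-legacy", "7.6"),
    ("ftp-lab", "unknown build"),
]

def parse_version(text):
    """Return the version as a tuple of ints, or None if not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))  # pad "8.8" to (8, 8, 0)

def triage(version_text):
    """Classify one version as 'affected', 'not_affected' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # needs a manual check; never assume it is patched
    branch = v[:2]
    if branch in FIXED:
        return "not_affected" if v[:3] >= FIXED[branch] else "affected"
    if branch < OLDEST_FIXED_BRANCH:
        return "affected"  # assumption: older branches never received the fix
    return "not_affected"  # assumption: branches after 8.8 include the fix

def triage_inventory(rows):
    """Group host names by triage status, preserving inventory order."""
    result = {"affected": [], "unknown": [], "not_affected": []}
    for host, version in rows:
        result[triage(version)].append(host)
    return result

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked by hand rather than treated as patched.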

Containment, Mitigations & Remediations

It is strongly recommended that users apply WS_FTP version 8.8.2 as a matter of urgency. The recommended steps, as well as the required installer, can be found within the Progress Security Advisory.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

WS_FTP holds a significant share of the file transfer software market. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, it is possible that such products will become a prime target for threat actors. Because file transfer software has become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities within the associated products in an attempt to exfiltrate sensitive data and to achieve further objectives.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

CVE-2023-40044 (Tactic):

TA0002 – Execution

CVE-2023-42657 (Common Weakness Enumeration):

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Further Information

Progress Security Advisory

 
