CERT TEAM: Critical Vulnerability Detected in WS_FTP Server

Description

CERT TEAM - Critical Vulnerability Detected
CVE-2023-42657
Critical Vulnerability Detected in WS_FTP Server
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.

Publication Date: 2023-09-27
Last Modified: 2023-09-29
CVSS 3 Score: 9.6 (Critical)

NVD CWEs

CWE-ID: CWE-22
CWE Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Source: NIST Reference, Progress Software Corporation

Version Detections

OS: Any Version of Windows; Product: WS_FTP Server; Version: < 8.7.4
OS: Any Version of Windows; Product: WS_FTP Server; Version: >= 8.8.0 and < 8.8.2

Reference URLs

https://nvd.nist.gov/vuln/detail/CVE-2023-42657 (NVD Reference)
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 (Vendor Advisory)
https://www.progress.com/ws_ftp (Product)

Property Details

ID: 27009
Status: Beta - Preliminary testing ready for more
Title: CERT TEAM: Critical Vulnerability Detected in WS_FTP Server
Domain: BESC
Category: Server Software
Source: HCL CERT TEAM
Source ID: CVE-2023-42657
Source Severity: CVSS3: CRITICAL
Source Release Date: 10/2/2023 12:00:00 AM
CVE Names: CVE-2023-42657
Keywords: WS_FTP, CERT, vulnerability
Added by on 10/2/2023 2:16:38 PM
Last Modified by on 10/2/2023 2:16:38 PM

Relevance

Used in 1 fixlet   * Results in a true/false

exists keys whose (
    ( exists value "DisplayName" of it AND (it as String) of value "DisplayName" of it contains "WS_FTP Server" )
    AND ( exists value "DisplayVersion" of it )
    AND (
        ((it as String as Version) of value "DisplayVersion" of it < "8.7.4" as Version)
        OR (
            ((it as String as Version) of value "DisplayVersion" of it >= "8.8.0" as Version)
            AND ((it as String as Version) of value "DisplayVersion" of it < "8.8.2" as Version)
        )
    )
) of keys "HKLM\software\microsoft\windows\currentversion\uninstall" of ( x32 registries; x64 registries )
Used in 1 fixlet   * Results in a true/false

exists (service names of it, display name of it)
    whose (item 0 of it as lowercase contains "ws_ftp" or item 1 of it as lowercase contains "ws_ftp")
    of all running services whose (exists service name of it)
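An added example, not part of this fixlet, that reproduces the version-range test of the first relevance clause in Python over constructed uninstall entries. Versions are compared component-wise, as the relevance's `as Version` cast does, which matters because a plain string comparison would place 8.8.10 before 8.8.2 and flag a patched build; the entry list and the helper names are assumptions of this example.

```python
import re
from typing import Dict, List, Tuple

# Affected ranges from the advisory: < 8.7.4, and >= 8.8.0 but < 8.8.2.
FIXED_87 = "8.7.4"
FIRST_88 = "8.8.0"
FIXED_88 = "8.8.2"

def parse_version(text: str) -> Tuple[int, ...]:
    """Leading dotted numeric part -> tuple of ints, zero-padded to 4 parts,
    mirroring the relevance's 'as Version' cast ("8.7.4" equals "8.7.4.0")."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))

def is_affected(display_version: str) -> bool:
    """True when the version falls in either vulnerable range."""
    v = parse_version(display_version)
    if v < parse_version(FIXED_87):
        return True
    return parse_version(FIRST_88) <= v < parse_version(FIXED_88)

def affected_installs(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Same filter as the relevance: DisplayName must contain 'WS_FTP Server'
    (case-sensitive, like relevance 'contains'), DisplayVersion must exist,
    and the version must be in an affected range."""
    hits = []
    for e in entries:
        name, ver = e.get("DisplayName", ""), e.get("DisplayVersion")
        if "WS_FTP Server" in name and ver is not None and is_affected(ver):
            hits.append((name, ver))
    return hits

# Constructed sample entries standing in for the Uninstall registry keys.
SAMPLE_ENTRIES = [
    {"DisplayName": "WS_FTP Server", "DisplayVersion": "8.7.3"},    # affected
    {"DisplayName": "WS_FTP Server", "DisplayVersion": "8.7.4"},    # fixed
    {"DisplayName": "WS_FTP Server", "DisplayVersion": "8.8.1.0"},  # affected
    {"DisplayName": "WS_FTP Server", "DisplayVersion": "8.8.2"},    # fixed
    {"DisplayName": "WS_FTP Server", "DisplayVersion": "8.8.10"},   # fixed (> 8.8.2)
    {"DisplayName": "WS_FTP Server"},                               # no version: skipped
    {"DisplayName": "Some Other App", "DisplayVersion": "1.0"},     # fails name filter
]

if __name__ == "__main__":
    for name, ver in affected_installs(SAMPLE_ENTRIES):
        print(f"affected: {name} {ver}")
```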

Actions

Action 1 (default)

Action Link: Click here to stop all WS_FTP services.
Script Type: BigFix Action Script

// Remove any leftover staging file and script from a previous run.
delete __appendfile
delete "stop_services.cmd"

// Write one "sc stop <service name>" line (CRLF-separated) for every running
// service whose name or display name contains "ws_ftp".
appendfile { concatenation "%0d%0a" of ("sc stop %22" & item 0 of it & "%22") of (service names of it, display name of it) whose (item 0 of it as lowercase contains "ws_ftp" or item 1 of it as lowercase contains "ws_ftp") of all running services whose (exists service name of it) }

// Turn the staged text into a batch file and run it without a visible window.
move __appendfile "stop_services.cmd"
waithidden "stop_services.cmd"
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

