CERT TEAM: Critical Vulnerability Detected in WS_FTP Server
Log In or Register to download the BES file, and more.

1 Votes

Description

CERT TEAM - Critical Vulnerability Detected
CVE-2023-42657
Critical Vulnerability Detected in WS_FTP Server
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.

Publication Date: 2023-09-27
Last Modified: 2023-09-29
CVSS 3 Score: 9.6 (Critical)

NVD CWEs

CWE-ID CWE Name Source
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') NIST Reference, Progress Software Corporation

Version Detections

OS Product Version
Any Version of Windows WS_FTP Server < 8.7.4
Any Version of Windows WS_FTP Server >= 8.8.0
< 8.8.2

Reference URLs

URL Tags
https://nvd.nist.gov/vuln/detail/CVE-2023-42657 NVD Reference
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 Vendor Advisory
https://www.progress.com/ws_ftp Product

Property Details

ID27009
StatusBeta - Preliminary testing ready for more
TitleCERT TEAM: Critical Vulnerability Detected in WS_FTP Server
DomainBESC
CategoryServer Software
SourceHCL CERT TEAM
Source IDCVE-2023-42657
Source SeverityCVSS3: CRITICAL
Source Release Date10/2/2023 12:00:00 AM
CVENamesCVE-2023-42657
KeywordsWS_FTP, CERT, vulnerability
Added by on 10/2/2023 2:16:38 PM
Last Modified by on 10/2/2023 2:16:38 PM
Counters 2906 Views / 20 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists keys whose ( ( exists value "DisplayName" of it AND (it as String) of value "DisplayName" of it contains "WS_FTP Server" ) AND ( exists value "DisplayVersion" of it ) AND ( ((it as String as Version) of value "DisplayVersion" of it < "8.7.4" as Version) OR ( ((it as String as Version) of value "DisplayVersion" of it >= "8.8.0" as Version) AND ((it as String as Version) of value "DisplayVersion" of it < "8.8.2" as Version) ) ) ) of keys "HKLM\software\microsoft\windows\currentversion\uninstall" of ( x32 registries;x64 registries)
Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists (service names of it, display name of it) whose (item 0 of it as lowercase contains "ws_ftp" or item 1 of it as lowercase contains "ws_ftp") of all running services whose (exists service name of it)

Actions

Action 1 (default)

Action Link Click here to stop all WS_FTP services.
Script Type BigFix Action Script 
delete "_appendfile"
delete "stop_services.cmd"

appendfile { concatenation "%0d%0a" of ("sc stop %22" & item 0 of it & "%22") of (service names of it, display name of it) whose (item 0 of it as lowercase contains "ws_ftp" or item 1 of it as lowercase contains "ws_ftp") of all running services whose (exists service name of it) }

move __appendfile "stop_services.cmd"
waithidden "stop_services.cmd"
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer


Comments

Log In or Register to leave comments!
 

Content

Search
Share
Learn
Projects

Utilities

View SCM Scripts
Base64 Converter
Shell to Action Script

About

About Us
Tour
FAQ
Terms
Contact Us

BigFix Resources

Download BigFix
Support
Forum
Github/Bigfix
bigfix.me All Content
Hosted on bigfixme-as