Progress Issues Security Update for Critical Vulnerabilities in WS_FTP Server

Summary

The security update addresses two critical vulnerabilities, three high vulnerabilities and three medium vulnerabilities.


Affected platforms

The following platforms are known to be affected:

Threat details

Exploitation of CVE-2023-40044

A proof-of-concept has been publicly released for CVE-2023-40044 and the vulnerability has been seen actively exploited in the wild.


Introduction

Progress (formerly Ipswitch) has released security updates for two critical, three high and three medium vulnerabilities found in WS_FTP Server.


Vulnerability details

  • CVE-2023-40044 - CWE-502 - This is a .NET deserialization vulnerability in the Ad Hoc Transfer module affecting WS_FTP Server versions prior to 8.7.4 and 8.8.2. A "pre-authenticated" attacker could exploit this vulnerability to execute remote commands on the underlying operating system running WS_FTP Server. A CVSS v3 base score of 10 has been calculated.
  • CVE-2023-42657 - CWE-22 - This is a directory traversal vulnerability in WS_FTP Server versions prior to 8.7.4 and 8.8.2. An attacker could exploit this vulnerability to perform file operations on files and folders outside of their authorised WS_FTP folder path. It could also allow the attacker to escape the context of the WS_FTP Server file structure and perform the same level of operations on file and folder locations elsewhere on the system. A CVSS v3 base score of 9.9 has been calculated.
  • CVE-2023-40045 - CWE-79 - This is a reflected cross-site scripting (XSS) vulnerability in the WS_FTP Server Ad Hoc Transfer module for WS_FTP Server versions prior to 8.7.4 and 8.8.2. An attacker could exploit this vulnerability to target WS_FTP Server users with a specialised payload, allowing them to execute malicious JavaScript within the victim's browser. A CVSS v3 base score of 8.3 has been calculated.
  • CVE-2023-40046 - CWE-89 - This is a SQL injection vulnerability in the WS_FTP Server manager interface for WS_FTP Server versions prior to 8.7.4 and 8.8.2. An attacker could infer information about the structure and contents of the database and execute SQL statements that edit or delete database elements. A CVSS v3 base score of 8.2 has been calculated.
  • CVE-2023-40047 - CWE-79 - This is a stored cross-site scripting (XSS) vulnerability in the WS_FTP Server Management module for WS_FTP Server versions prior to 8.8.2. An attacker with administrative privileges could exploit this vulnerability to import an SSL certificate with malicious attributes containing cross-site scripting payloads. If the payload is successfully stored, an attacker could target WS_FTP Server admins with a specialised payload which may allow the execution of malicious JavaScript within the victim's browser. A CVSS v3 base score of 8.3 has been calculated.
  • CVE-2023-40048 - CWE-352 - This is a cross-site request forgery vulnerability in POST transactions corresponding to a WS_FTP Server administrative function in WS_FTP Server versions prior to 8.8.2. A CVSS v3 base score of 6.8 has been calculated.
  • CVE-2023-40049 - CWE-200 - This vulnerability in WS_FTP Server versions prior to 8.8.2 could allow an unauthenticated attacker to enumerate files under the 'WebServiceHost' directory listing. A CVSS v3 base score of 5.3 has been calculated.
  • CVE-2022-27665 - CWE-79 - This is a reflected XSS vulnerability via AngularJS sandbox escape expressions in Progress Ipswitch WS_FTP Server 8.6.0. An attacker could exploit this vulnerability to execute malicious code and commands on the client. The attacker could input malicious payloads in the subdirectory search bar or the "add folder" filename boxes and execute client-side commands. A CVSS v3 base score of 6.1 has been calculated.
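As an added, defender-side example (not code from the NHS England alert or from Progress), the following Python maps a WS_FTP Server version string to the CVEs listed above whose stated affected ranges still cover it, so patch status can be triaged from an inventory export. The ranges are encoded literally from the alert text; treating branches newer than 8.8 as unaffected is an assumption.

```python
"""Added example (not from the NHS England alert or Progress): list the CVEs
above that still apply to a given WS_FTP Server version string, using the
affected ranges exactly as the alert states them."""

Version = tuple[int, int, int]

# "fixed" = first safe version on each maintenance branch named in the alert;
# "only" = the single version the alert names as affected.
ALERT_CVES = {
    "CVE-2023-40044": {"cwe": "CWE-502", "cvss": 10.0, "fixed": ("8.7.4", "8.8.2")},
    "CVE-2023-42657": {"cwe": "CWE-22", "cvss": 9.9, "fixed": ("8.7.4", "8.8.2")},
    "CVE-2023-40045": {"cwe": "CWE-79", "cvss": 8.3, "fixed": ("8.7.4", "8.8.2")},
    "CVE-2023-40046": {"cwe": "CWE-89", "cvss": 8.2, "fixed": ("8.7.4", "8.8.2")},
    "CVE-2023-40047": {"cwe": "CWE-79", "cvss": 8.3, "fixed": ("8.8.2",)},
    "CVE-2023-40048": {"cwe": "CWE-352", "cvss": 6.8, "fixed": ("8.8.2",)},
    "CVE-2023-40049": {"cwe": "CWE-200", "cvss": 5.3, "fixed": ("8.8.2",)},
    "CVE-2022-27665": {"cwe": "CWE-79", "cvss": 6.1, "only": "8.6.0"},
}

def parse_version(text: str) -> Version:
    """Parse 'major.minor[.patch]' into a 3-tuple; reject anything else."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised WS_FTP Server version: {text!r}")
    nums = [int(p) for p in parts] + [0]
    return (nums[0], nums[1], nums[2])

def is_before_fix(version: str, fixed: tuple[str, ...]) -> bool:
    """True if 'version' precedes the fix on its own branch (8.7.x / 8.8.x)
    or is older than every fixed branch. Branches newer than all fixes are
    assumed clean (an assumption, not something the alert states)."""
    v = parse_version(version)
    fixes = sorted(parse_version(f) for f in fixed)
    for f in fixes:
        if v[:2] == f[:2]:
            return v < f
    return v < fixes[0]

def unpatched_cves(version: str) -> list[str]:
    """CVEs from the alert still applicable to 'version', highest CVSS first."""
    v = parse_version(version)
    hits = []
    for cve, info in ALERT_CVES.items():
        if "only" in info:
            affected = v == parse_version(info["only"])
        else:
            affected = is_before_fix(version, info["fixed"])
        if affected:
            hits.append(cve)
    return sorted(hits, key=lambda c: -ALERT_CVES[c]["cvss"])
```

Note that, read literally, an 8.7.4 host is clear of the first five CVEs but still carries the three that the alert fixes only in 8.8.2.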

Previous targeting of Progress products by ransomware groups

In May 2023 Progress issued fixes for a critical vulnerability in its Managed File Transfer (MFT) software, MOVEit Transfer. Internet-facing MOVEit Transfer servers were targeted by multiple threat groups - including the cybercriminal group associated with CL0P ransomware - in a mass-exploitation campaign affecting hundreds of victim organisations, resulting in major disruption and data loss.

Internet-facing file transfer applications have become a popular target for ransomware and data-extortion groups, and rapidly patching vulnerable software should be considered of critical importance.


Threat updates

6 Oct 2023 - Exploitation of CVE-2023-40044. This cyber alert has been updated to reflect this change.

3 Oct 2023 - Proof-of-concept publicly released for CVE-2023-40044. This cyber alert has been updated to reflect this change.


Remediation advice

Affected organisations are required to review the Progress Community advisory article "WS_FTP Server Critical Vulnerability - (September 2023)" and apply the updates as soon as practicable.
Last edited: 6 October 2023 9:12 am