Multiple vulnerabilities have been found in all versions of WS_FTP Server. The critical and high vulnerabilities include a directory traversal flaw (CVE-2023-42657) with a CVSS score of 9.9, a high-severity reflected cross-site scripting (XSS) issue (CVE-2023-40045, CVSS 8.3), a SQL injection vulnerability (CVE-2023-40046, CVSS 8.2), and a high-severity stored XSS vulnerability (CVE-2023-40047, CVSS 8.3). Barracuda MSP recommends customers to thoroughly review this Cybersecurity Threat Advisory as well as apply patches immediately in its WS_FTP Server software to limit the impact of a WS_FTP Server vulnerability.
What is the threat?
These vulnerabilities in WS_FTP Server present critical and high-severity threats:
- CVE-2023-40044 (Critical) affects all WS_FTP Server versions with the Ad Hoc module, enabling attackers to remotely execute commands via a .NET deserialization flaw.
- CVE-2023-42657 (Critical) impacts versions of WS_FTP Server preceding 8.7.4 and 8.8.2, allowing unauthorized file operations outside authorized paths. Attackers can manipulate directory traversal techniques to escape authorized WS_FTP folder paths, compromising file and folder security.
- CVE-2023-40045 (High) affects versions before 8.7.4 and 8.8.2, enabling attackers to execute malicious JavaScript in victims’ browsers. They craft specialized payloads, tricking users into triggering them, leading to the execution of malicious code in the victim’s browser.
- CVE-2023-40046 (High), also in versions before 8.7.4 and 8.8.2, permits attackers to exploit a SQL injection vulnerability, manipulating input fields to execute unauthorized SQL queries. This allows them to access, infer, and potentially alter the database.
According to the company, for both critical vulnerabilities, attackers can exploit them in low-complexity attacks that don’t require user interaction.
Why is it noteworthy?
WS_FTP Server is used across various industries, affecting a diverse range of organizations. The damage potential is substantial, as these vulnerabilities enable attackers to execute remote commands, perform unauthorized file operations, and inject malicious code. Immediate action is imperative, as neglecting these vulnerabilities could result in severe consequences such as data breaches, reputational damage, and legal repercussions. Swift mitigation measures are essential to protect systems and data effectively.
What is the exposure or risk?
If leveraged, these vulnerabilities can grant attackers the ability to execute remote commands, manipulate files, inject malicious code, and potentially gain access to the underlying database. The potential for further compromise is heightened due to the evolving nature of cyber threats and the introduction of new attack vectors. Consequently, anyone using WS_FTP Server, particularly administrators and organizations relying on this software for secure file transfers, is at risk of experiencing data breaches, loss of critical information, and severe damage to their systems and reputation.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of a WS_FTP Server critical vulnerability:
- Prioritize updating WS_FTP Server to the latest patched version, 8.8.2, to address these vulnerabilities effectively. Upgrading to a patched release using the full installer is the only way to remediate this issue. Please be aware that there will be an outage during the upgrade process, but this is a necessary step to ensure the security of your system.
- If immediate updates are challenging, apply security patches and updates to mitigate known risks.
- For critical vulnerabilities, like CVE-2023-40044, consider disabling or removing non-essential modules, such as Ad Hoc Transfer.
- Implement WAFs to defend against XSS attacks, like CVE-2023-40045, by detecting and blocking malicious web traffic.
- Continuously monitor systems, educate users on security best practices, and maintain strict access control to reduce vulnerability.
References
For more in-depth information about the recommendations, please visit the following links:
- https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
- https://www.bleepingcomputer.com/news/security/progress-warns-of-maximum-severity-ws-ftp-server-vulnerability/
- https://www.cve.org/CVERecord?id=CVE-2023-40044
- https://www.cve.org/CVERecord?id=CVE-2023-42657
If you have any questions about this Cybersecurity Threat Advisory, please contact our Security Operations Center.
