WS_FTP Server Arbitrary File Upload
CVE-2023-42659

9.1CRITICAL

Key Information:

Vendor: Progress Software
Status: Ws Ftp Server
Vendor: CVE Published:; 7 November 2023

Badges

📰 News Worthy

Summary

An issue has been identified in WS_FTP Server versions earlier than 8.7.6 and 8.8.4, where an authenticated Ad Hoc Transfer user can exploit an unrestricted file upload vulnerability. This flaw enables the user to issue a crafted API call, resulting in unauthorized file uploads to specified locations on the server's underlying operating system. This vulnerability poses significant risks, as it can lead to potential exploitation of the server environment.

Affected Version(s)

WS_FTP Server 8.8.0

WS_FTP Server 8.8.0 < 8.8.4

WS_FTP Server 8.7.0 < 8.7.6

News Articles

🔗TheCyberThrone

CVE-2023-42659

CVE-2023-42659: Critical WS_FTP Server Vulnerability

Progress Software has urged its customers to immediately patch a critical vulnerability in its WS_FTP Server software. This vulnerability, identified as CVE-2023-42659 and carrying a CVSS score of 9.1, allows authenticated Ad Hoc Transfer users to upload files to arbitrary locations on the underlyin...

1 year ago

References

https://www.progress.com/ws_ftp

product

https://community.progress.com/s/article/WS-FTP-Server-Se...

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

📰
First article discovered by TheCyberThrone
Nov 8, 2023
Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Sep 12, 2023