WS_FTP Server Arbitrary File Upload
CVE-2023-42659

9.1CRITICAL

Key Information:

Vendor: Progress Software
Status: Ws Ftp Server
Vendor: CVE Published:; 7 November 2023

Badges

📰 News Worthy

Summary

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.

Affected Version(s)

WS_FTP Server 8.8.0

WS_FTP Server 8.8.0 < 8.8.4

WS_FTP Server 8.7.0 < 8.7.6

News Articles

TheCyberThrone

CVE-2023-42659

CVE-2023-42659: Critical WS_FTP Server Vulnerability

Progress Software has urged its customers to immediately patch a critical vulnerability in its WS_FTP Server software. This vulnerability, identified as CVE-2023-42659 and carrying a CVSS score of 9.1, allows authenticated Ad Hoc Transfer users to upload files to arbitrary locations on the underlyin...

1 year ago

References

https://www.progress.com/ws_ftp

product

https://community.progress.com/s/article/WS-FTP-Server-Se...

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

📰
First article discovered by TheCyberThrone
Nov 8, 2023
Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Sep 12, 2023

Collectors

NVD DatabaseMitre Database1 News Article(s)