TLP
TLP CLEAR
Author
Sebastien Tricaud
Summary
Caitlin Condon, an expert at Rapid7, has highlighted critical vulnerabilities in WS_FTP Server, a secure file transfer solution. These vulnerabilities, notably CVE-2023-40044 and CVE-2023-42657, were disclosed by Progress Software on September 27, 2023. CVE-2023-40044, a .NET deserialization flaw, allows remote code execution with a single HTTPS POST request. Rapid7 has observed active exploitation of these vulnerabilities.
It’s crucial for WS_FTP Server users to update to version 8.8.2, as recommended by Progress Software, due to the severity of the vulnerabilities. Non-critical vulnerabilities, such as XSS and SQL injection issues, were also identified. Rapid7 provides mitigation guidance and detection rules for its customers.
Rapid7 noticed a mass exploitation pattern that suggests a single threat actor’s involvement, which reinforces the urgency of addressing these issues. The security community should take these vulnerabilities seriously to prevent further exploitation.
DATA
We provide data on attacks weekly, hoping to help raise awareness of threats through their data.
CATEGORY
0-day