- 244/2023
- Critical
WS_FTP has released security updates to address vulnerabilities affecting WS_FTP Server Ad hoc Transfer Module and the WS_FTP Server Manager Interface.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands, perform cross-site scripting attacks, or gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. WS_FTP Server Command Execution Vulnerability (CVE-2023-40044):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. WS_FTP Server Directory Traversal Vulnerability (CVE-2023-42657):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
Affected Versions:
- WS_FTP Server versions prior to 8.7.4 and 8.8.2.
- WS_FTP Server 8.6.0.
Vulnerabilities
- CVE-2023-40044
- CVE-2023-42657
- CVE-2023-40045
- CVE-2023-40046
- CVE-2023-40047
- CVE-2023-40048
- CVE-2022-27665
- CVE-2023-40049
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.