For the second time in recent months, Progress Software is requiring enterprise security teams to drop everything and move quickly to protect their organizations against critical vulnerabilities in its file-transfer software — this time, the WS_FTP file transfer product used by some 40 million people.
The most severe of the bugs allows for pre-authenticated remote code execution (RCE) without any user interaction. In addition, the group also includes a bug that is near maximum severity and six that are of either high or medium severity.
News of the new vulnerabilities comes even as thousands of Progress customers are reeling from a zero-day vulnerability in its MOVEit file transfer technology that the company disclosed in late May. So far, more than 2,100 organizations have fallen victim to attacks leveraging the flaw, many of them by the Cl0p ransomware group. The newly disclosed bugs could be equally dangerous: They affect all supported versions of WS_FTP, which, like MOVEit, is enterprise-grade software that organizations use to enable secure file transfers between systems, groups, and individuals.
In an emailed statement to Dark Reading, a spokesman from Progress said the company has seen no signs of exploit activity targeting any of the flaws so far.
“We have responsibly disclosed these vulnerabilities in conjunction with the researchers at Assetnote,” the statement said. “Currently, we have not seen any indication that these vulnerabilities have been exploited. We have issued a fix and have encouraged our customers to perform an upgrade to the patched version of our software.”
Patch WS_FTP Now
Progress has remediated the vulnerabilities and issued version-specific hotfixes for all affected products. The company is urging its customers to update immediately or apply its recommended mitigation steps; Progress also wants organizations that are using unsupported versions of WS_FTP to upgrade to a supported and fixed version as soon as possible.
“Upgrading to a patched release, using the full installer, is the only way to remediate this issue,” Progress said. “There will be an outage to the system while the upgrade is running.”
Specifically, the vulnerabilities that Progress disclosed this week are present in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface.
Critical Vulnerability Is “Easily Exploitable”
The maximum severity vulnerability, tracked as CVE-2023-40044, affects WS_FTP Server versions prior to 8.7.4 and 8.8.2 and, as mentioned, gives attackers a way to gain pre-authentication RCE on affected systems. Progress described the issue as a .NET deserialization vulnerability — a common type of bug where an app processes request payloads in an insecure manner. Such flaws can enable denial-of-service attacks, information leaks, and RCE. Progress credited two researchers from Assetnote with discovering the flaws and reporting them to the company.
Caitlin Condon, head of vulnerability research at Rapid7, says her company’s research team was able to identify the vulnerability and test its exploitability. “[Rapid 7 has] verified that it is easily exploitable with an HTTPS POST request — and some specific multipart data — to any URI under a specific path. No authentication is required, and no user interaction is required,” Condon says.
In a post on X (formerly Twitter) on Sept. 28, one of the Assetnote researchers announced the company’s plans to release a full write-up on the issues they discovered in 30 days — or sooner, if details of the exploit become publicly available before then.
Meanwhile, the other critical bug is a directory traversal vulnerability, CVE-2023-42657, in WS_FTP Server versions before 8.7.4 and 8.8.2.
“An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path,” Progress warned in its advisory. “Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.” The bug has a CVSS score of 9.9 out of 10, making it a near maximum severity vulnerability. Directory traversal flaws, also called path traversal, are vulnerabilities that essentially give attackers a way to access unauthorized files and directories.
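The directory traversal class described in the advisory comes down to one missing check: a file-transfer service that lets a user delete, rename, mkdir or rmdir inside an authorized folder has to verify that the path the user supplies still lands inside that folder after `..` segments, absolute paths and symlinks are resolved. The following Python is an added example written for this article, not code from WS_FTP or Progress; it shows the unsafe join pattern next to a contained variant, and the directory layout and file names it uses are constructed sample data.

```python
"""Path-traversal containment check (added example, not Progress/WS_FTP code).

A file-transfer server that lets a user delete/rename/mkdir inside an
authorized folder must make sure the path the user supplies still lands
inside that folder after normalisation. The unsafe variant below shows the
classic mistake; the safe variant resolves the path and verifies containment.
"""
import os
import tempfile
from pathlib import Path


def unsafe_resolve(root: str, user_path: str) -> str:
    """Vulnerable pattern: join and trust the result.

    os.path.join discards `root` entirely when `user_path` is absolute, and
    '..' segments are never checked, so the caller can reach any location.
    """
    return os.path.join(root, user_path)


def safe_resolve(root: str, user_path: str) -> Path:
    """Resolve `user_path` beneath `root` and refuse anything that escapes.

    Path.resolve() collapses '..' and follows symlinks, so a link planted
    inside the root that points outside of it is rejected as well.
    """
    root_p = Path(root).resolve()
    candidate = (root_p / user_path).resolve()
    if candidate != root_p and root_p not in candidate.parents:
        raise PermissionError(f"{user_path!r} escapes authorized folder {root}")
    return candidate


def is_contained(root: str, user_path: str) -> bool:
    """Boolean form of safe_resolve, convenient for batch checks."""
    try:
        safe_resolve(root, user_path)
        return True
    except PermissionError:
        return False


def guarded_mkdir(root: str, user_path: str) -> Path:
    """mkdir-style operation that only runs after the containment check."""
    target = safe_resolve(root, user_path)
    target.mkdir(parents=True, exist_ok=True)
    return target


def demo() -> dict:
    """Run the checks against a constructed sandbox directory (sample data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "users", "alice")   # the user's authorized folder
        os.makedirs(root)
        (Path(tmp) / "secret.txt").write_text("outside the user's folder")
        # A symlink inside the root that points outside of it, if the platform allows it.
        try:
            os.symlink(tmp, os.path.join(root, "escape"))
            has_link = True
        except (OSError, NotImplementedError):
            has_link = False

        results = {
            "normal": is_contained(root, "docs/report.txt"),
            "dotdot_inside": is_contained(root, "docs/../report.txt"),
            "dotdot_escape": is_contained(root, "../../secret.txt"),
            "absolute": is_contained(root, "/etc/passwd"),
            # True when the symlink escape was refused (or could not be created)
            "symlink_escape": (not has_link) or not is_contained(root, "escape/secret.txt"),
            # Shows why the unsafe join is dangerous: root is silently dropped
            "unsafe_join_absolute": unsafe_resolve(root, "/etc/passwd") == "/etc/passwd",
        }
        guarded_mkdir(root, "uploads/2023")
        results["mkdir_inside"] = os.path.isdir(os.path.join(root, "uploads", "2023"))
        return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:>22}: {ok}")
```

The containment test compares fully resolved paths rather than string prefixes, which is what stops both the `..` and symlink escapes; a prefix check on the raw string would accept `../../secret.txt` as long as it started with the root.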
How to Discover the Bugs in Progress’ File Transfer
“WS_FTP has a rich history and is typically used among IT and developers,” says Timothy Morris, chief security advisor at Tanium, adding that organizations that maintain a good software inventory and/or have programs to monitor software use in their environment should have a relatively easy time tracking down and updating vulnerable instances of WS_FTP.
He adds, “Also, since running versions of WS_FTP typically have incoming ports open to accept connection requests, it wouldn’t be difficult to spot with network monitoring tools.”
“I’d start with software inventory tools to scan the environment — app installed, service running — then use file searches as a secondary method to search and find versions of WS_FTP, at rest,” he says.
Author: Jai Vijayan, Contributing Writer, Dark Reading
Date: 2023-09-29 12:34:09