Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software.
The company says thousands of IT teams worldwide use its enterprise-grade WS_FTP Server secure file transfer software.
In an advisory published on Wednesday, Progress disclosed multiple vulnerabilities impacting the software’s manager interface and Ad Hoc Transfer Module.
Of all the WS_FTP Server security flaws patched this week, two were rated as critical, with the one tracked as CVE-2023-40044 receiving a maximum 10/10 severity score and allowing unauthenticated attackers to execute remote commands after successful exploitation of a .NET deserialization vulnerability in the Ad Hoc Transfer module.
The other critical bug (CVE-2023-42657) is a directory traversal vulnerability that enables attackers to perform file operations outside the authorized WS_FTP folder path.
“Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system,” Progress said.
According to the company’s CVSS:3.1 scores for both vulnerabilities, attackers can exploit them in low-complexity attacks that don’t require user interaction.
“We have addressed the vulnerabilities above and the Progress WS_FTP team strongly recommends performing an upgrade,” Progress warned.
“We do recommend upgrading to the most highest version which is 8.8.2. Upgrading to a patched release, using the full installer, is the only way to remediate this issue. There will be an outage to the system while the upgrade is running.”
The company also shared information on how to remove or disable the vulnerable WS_FTP Server Ad Hoc Transfer Module if it’s not being used.
2,100 successful MOVEit data theft attacks and counting
Progress is still grappling with the aftermath of an extensive series of data theft attacks following the exploitation of a zero-day in the MOVEit Transfer secure file transfer platform by the Clop ransomware gang beginning May 27.
According to estimates shared by security firm Emsisoft on Monday, the fallout of these attacks has affected more than 2,100 organizations and over 62 million individuals.
Despite the broad scope and the large number of victims, Coveware’s estimates suggest that only a limited number are likely to succumb to Clop’s ransom demands. Nevertheless, the cybercriminal group is expected to collect an estimated $75-100 million in payments due to their high ransom demands.
Moreover, reports have also surfaced indicating that multiple U.S. federal agencies and two entities under the U.S. Department of Energy (DOE) have fallen victim to Clop’s data theft attacks.
Clop has been linked to several high-impact data theft and extortion campaigns targeting other managed file transfer platforms, including Accellion FTA servers in December 2020, the 2021 SolarWinds Serv-U Managed File Transfer attacks, and the mass exploitation of a GoAnywhere MFT zero-day in January 2023.
On Tuesday, Progress Software reported a 16% year-over-year revenue increase for its fiscal third quarter that ended on August 31, 2023, in an 8-K form filed with the U.S. Securities and Exchange Commission.
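The directory traversal bug described above (CVE-2023-42657) is an instance of a general defect: a file-operation handler joins a client-supplied path onto the user's authorized folder without verifying that the result still lies inside it. The following is an added illustration, not code from Progress or from WS_FTP Server, of the naive join beside a hardened confinement check; the root folder, the request strings and the function names are constructed for the example.

```python
import os

# Constructed sample root for the demo; a real server would use its configured
# per-user folder (assumption, not WS_FTP Server's own path).
AUTHORIZED_ROOT = "/srv/ftp/user1"


def unsafe_resolve(root: str, requested: str) -> str:
    """The classic mistake: join and normalize, but never check the result.
    '../../etc/passwd' walks out of the root, and an absolute request makes
    os.path.join discard the root entirely."""
    return os.path.normpath(os.path.join(root, requested))


def safe_resolve(root: str, requested: str) -> str:
    """Confine a client-supplied relative path to `root` or raise.

    1. Refuse NUL bytes and absolute requests (including backslash-rooted ones).
    2. Normalize Windows separators so '..\\..' is not treated as a plain name.
    3. Canonicalize both sides with realpath (collapses '..', follows symlinks).
    4. Accept only if root is a path-component prefix of the target; commonpath
       avoids the string-prefix trap where '/srv/ftp/user10' "starts with"
       '/srv/ftp/user1'.
    """
    if "\x00" in requested:
        raise ValueError("NUL byte in requested path")
    if os.path.isabs(requested) or requested.startswith(("/", "\\")):
        raise PermissionError(f"absolute path not allowed: {requested!r}")
    relative = requested.replace("\\", "/")
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, relative))
    if os.path.commonpath([root_real, target]) != root_real:
        raise PermissionError(f"path escapes authorized folder: {requested!r}")
    return target


def is_confined(root: str, requested: str) -> bool:
    """True if `requested` resolves inside `root`, False if the check rejects it."""
    try:
        safe_resolve(root, requested)
        return True
    except (PermissionError, ValueError):
        return False


# Constructed requests of the kind a delete/rename/rmdir/mkdir handler receives.
# The first two are legitimate; the rest must be refused by the hardened check.
SAMPLE_REQUESTS = [
    "reports/2023-q3.csv",
    "./uploads/../reports/summary.txt",
    "../../etc/passwd",
    "/etc/passwd",
    "..\\..\\windows\\win.ini",
    "reports/../../user10/secret.txt",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        verdict = "ALLOW " if is_confined(AUTHORIZED_ROOT, req) else "REJECT"
        print(f"{verdict} {req!r:40} naive join -> {unsafe_resolve(AUTHORIZED_ROOT, req)}")
```

The last sample request is the one worth noting for anyone writing such a check: it normalizes to a sibling folder whose name merely begins with the authorized root, so a `startswith` comparison on the resolved string would wrongly allow it, while the component-wise `commonpath` comparison rejects it.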
Progress excluded “certain expenses resulting from the zero-day MOVEit Vulnerability” from the report because it intends “to provide additional details regarding the MOVEit Vulnerability in our Form 10-Q for the quarter ended August 31, 2023.”
Original Post URL: https://www.bleepingcomputer.com/information/safety/progress-warns-of-maximum-severity-ws-ftp-server-vulnerability/
Date: 2023-09-29 04:46:19