CarderPlanet
Government agencies, schools, and large corporations can become victims of hackers.
Recently, Progress Software warned its customers about a critical vulnerability in the WS_FTP Server software, which is used by thousands of IT teams around the world. The vulnerability was identified by information security specialists from Assetnote and was designated CVE-2023-40044 (CVSS: 10).
In the official announcement, the WS_FTP team described the vulnerabilities found in the Ad Hoc Transfer module and the WS_FTP Server management interface. The flaws affect all versions of WS_FTP Server. The most serious is a .NET deserialization issue in the Ad Hoc Transfer module, which allows an unauthenticated attacker to remotely execute arbitrary code on the operating system running WS_FTP Server.
In a statement, Progress recommended that users upgrade to the latest patched version, 8.8.2, as the only way to fix the issues. It noted that the system will be down during the update. Information was also provided on how to remove or disable the vulnerable Ad Hoc Transfer module if it is not used.
Assetnote researchers are puzzled by how long the bug went unnoticed despite the fact that most versions of WS_FTP were vulnerable. Experts found about 2,900 hosts running WS_FTP that are reachable from the Internet. Most of them are owned by large enterprises, government organizations, and educational institutions.
Cybersecurity company Rapid7 reported that attackers began exploiting the CVE-2023-40044 vulnerability shortly after Assetnote published a Proof of Concept (PoC) for it. According to the Rapid7 report, on September 30, several cases of WS_FTP exploitation were recorded in various client environments. The incidents occurred several minutes apart at night between 01:38:43 UTC and 01:41:38 UTC on October 1, 2023, which indicates possible mass exploitation of vulnerable WS_FTP servers.
The incident highlights the importance of timely detection and elimination of software vulnerabilities in order to prevent possible cyber attacks and ensure reliable protection of data and systems.