Vulnerability Description
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Progress | Ws Ftp Server | < 8.7.4 |
Related Weaknesses (CWE)
References
- https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-SeVendor Advisory
- https://www.progress.com/ws_ftpProduct
- https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-SeVendor Advisory
- https://www.progress.com/ws_ftpProduct
FAQ
What is CVE-2023-42657?
CVE-2023-42657 is a vulnerability with a CVSS score of 9.9 (CRITICAL). In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rm...
How severe is CVE-2023-42657?
CVE-2023-42657 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-42657?
Check the references section above for vendor advisories and patch information. Affected products include: Progress Ws Ftp Server.