CVE-2023-42659 — CRITICAL (9.1)

Q: How severe is CVE-2023-42659?

CVE-2023-42659 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-42659?

Check the references section above for vendor advisories and patch information. Affected products include: Progress Ws Ftp Server.

Vulnerability Description

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Progress	Ws Ftp Server	< 8.7.6

Related Weaknesses (CWE)

CWE-434

References

https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-202Vendor Advisory
https://www.progress.com/ws_ftpProduct
https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-202Vendor Advisory
https://www.progress.com/ws_ftpProduct

FAQ

What is CVE-2023-42659?

CVE-2023-42659 is a vulnerability with a CVSS score of 9.1 (CRITICAL). In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them...

How severe is CVE-2023-42659?

CVE-2023-42659 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-42659?

Check the references section above for vendor advisories and patch information. Affected products include: Progress Ws Ftp Server.