MOVEit Developer Patches Critical File Transfer Bugs

September 29, 2023 | Progress Software has issued patches for critical vulnerabilities in its WS_FTP Server, impacting versions prior to 8.7.4 and 8.8.2. One of the vulnerabilities, CVE-2023-40044, with a CVSS score of 10.0, is a .NET deserialization flaw in the Ad Hoc Transfer module that allows pre-authenticated attackers to execute remote commands on the underlying operating system. Another critical flaw, CVE-2023-42657, with a CVSS score of 9.9, is a directory traversal vulnerability that enables attackers to perform unauthorized file operations on the underlying operating system. Organizations are advised to apply patches promptly or upgrade to the latest version (8.8.2) and plan for system outages during the upgrade process.

Read full article

Newsletter Signup

Stay up-to-date on the latest resources and news from CRITICALSTART.
Tactics to Mitigate Security Gaps in Modern Threat Response. Upcoming Webinar - October 15.
This is default text for notification bar