September 29, 2023 | Progress Software has issued patches for critical vulnerabilities in its WS_FTP Server, impacting versions prior to 8.7.4 and 8.8.2. One of the vulnerabilities, CVE-2023-40044, with a CVSS score of 10.0, is a .NET deserialization flaw in the Ad Hoc Transfer module that allows pre-authenticated attackers to execute remote commands on the underlying operating system. Another critical flaw, CVE-2023-42657, with a CVSS score of 9.9, is a directory traversal vulnerability that enables attackers to perform unauthorized file operations on the underlying operating system. Organizations are advised to apply patches promptly or upgrade to the latest version (8.8.2) and plan for system outages during the upgrade process.
Read full article
