Organizations using Progress Software's enterprise-grade WS_FTP Server secure file transfer software have been urged to immediately remediate a maximum severity vulnerability, which has been fixed along with other bugs as part of a security update, reports BleepingComputer.
Threat actors could leverage the maximum severity flaw, tracked as CVE-2023-40044, to facilitate remote command execution, while the other critical vulnerability, tracked as CVE-2023-42657, could be exploited to enable file operations outside the permitted folder path.
"Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system," said Progress Software, which recommended prompt upgrades to version 8.8.2 of the software to address the issue.
Meanwhile, more than 2,100 organizations around the world have already been impacted by the Cl0p ransomware operation's hack of the company's MOVEit file transfer system in May, affecting more than 62 million individuals.
Patch/Configuration Management, Vulnerability Management
Immediate remediation needed for maximum severity Progress WS_FTP server bug