Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Critical WS_FTP Server Vulnerabilities

September 29, 2023
Reading Time: 2 mins read
in Alerts

Progress Software, the developer of the MOVEit Transfer file-sharing platform that was recently involved in extensive data theft attacks, has issued a critical security advisory urging its customers to patch a high-severity vulnerability in its WS_FTP Server software.

The company serves thousands of IT teams worldwide with its enterprise-grade WS_FTP Server, a secure file transfer software. In the advisory published, Progress Software disclosed several vulnerabilities affecting the software’s manager interface and Ad Hoc Transfer Module.

Notably, two of these vulnerabilities are rated as critical, with CVE-2023-40044 garnering a maximum severity rating of 10/10, potentially allowing unauthenticated attackers to execute remote commands through a .NET deserialization vulnerability in the Ad Hoc Transfer module.

The other critical bug, CVE-2023-42657, involves a directory traversal vulnerability, enabling attackers to perform file operations outside the authorized WS_FTP folder path. This could permit them to delete, rename, or create directories and files on the underlying operating system.

Both critical vulnerabilities are rated as low-complexity issues, meaning they can be exploited without requiring significant user interaction. Progress Software is strongly recommending an immediate upgrade to version 8.8.2, as applying the full installer is the only effective way to remediate these vulnerabilities. However, this process will result in system downtime.

The company also offers guidance on removing or disabling the vulnerable WS_FTP Server Ad Hoc Transfer Module for cases where it’s not in use. The urgency of patching these vulnerabilities cannot be overstated, as they pose a significant security risk to the software’s users.

Progress Software’s move to address these issues underscores the importance of promptly applying security patches and updates to protect against potentially damaging cyberattacks.

Reference:
  • WS_FTP Server Critical Vulnerability – (September 2023)
Tags: Cyber AdvisoryCyber AlertCyber Alerts 2023CybersecurityMOVEitProgressSeptember 2023VulnerabilitiesWS_FTP
ADVERTISEMENT

Related Posts

Microsoft Copilot AI Exposes Sensitive Data

Microsoft Copilot AI Exposes Sensitive Data

May 12, 2025
Microsoft Copilot AI Exposes Sensitive Data

PupkinStealer Targets Data Through Telegram

May 12, 2025
Microsoft Copilot AI Exposes Sensitive Data

Fake AI Video Tools Spread Noodlophile

May 12, 2025
FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025

Latest Alerts

Microsoft Copilot AI Exposes Sensitive Data

PupkinStealer Targets Data Through Telegram

Fake AI Video Tools Spread Noodlophile

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

Subscribe to our newsletter

    Latest Incidents

    Mobius Token Exploit Drains $2.15 Million

    Cyberattack Hits Public Agencies in Paraguay

    Cyberattack Hits Università Roma Tre Website

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial