Another set of critical vulnerabilities has been found in a file transfer application, raising worries that, if exploited before being patched, it too will lead to a huge number of data breaches.
Progress Software said this week the eight vulnerabilities — two of which are rated critical — have been found in its WS_FTP Server, used for the secure transfer of critical data.
The holes are in the Ad hoc Transfer Module and in the software’s manager interface.
“All versions of WS_FTP Server are affected by these vulnerabilities,” the company said. “We have addressed these issues and have made version-specific hotfixes available for customers to remediate them.”
The company told The Record that so far it hasn’t seen the vulnerabilities being exploited.
On its website, Progress Software lists case studies of a number of major organizations that have used WS_FTP, including a U.S. school district, a game company, and the Denver Broncos NFL team.
A zero-day vulnerability in Progress Software’s MOVEit file transfer application discovered by the Clop/Cl0p ransomware gang has led to over 2,000 hacks of MOVEit servers and the theft of information of an estimated 62 million people.
This category of applications may be tempting for threat actors to find holes in because their servers would have large volumes of data sitting there. While secure file transfer servers should have protection for data at rest, if an attacker can get administrator access that could defeat the encryption.
The critical vulnerabilities in WS_FTP include:
CVSS score: 10
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system;
CVSS score: 9.9
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.