Progress Software, the maker of the infamous MOVEit Transfer App, announced that it had discovered a critical vulnerability in its WS_FTP Server software.
The new maximum-severity vulnerability, designated CVE-2023-4044, could enable a pre-authenticated threat actor to exploit a .NET deserialization vulnerability to execute remote commands. The flaw affects all WS_FTP versions prior to 8.7.4 and 8.8.2.
Progress also released patches for seven other less severe vulnerabilities in WS_FTP Server versions prior to 8.8.2.
Progress’s announcement comes as the company continues to deal with the fallout of the mass exploitation of its MOVEit Transfer App software, which has affected over 2100 organizations worldwide. Many of these organizations were targets of ransomware attacks or had sensitive information breached.
Source: The Hacker News
Analysis
Fortunately, this maximum severity bug was discovered and responsibly disclosed to Progress before it could be exploited by threat actors, unlike the MOVEit zero-day vulnerability that was widely exploited in the wild before Progress was able to develop and deploy a patch.
Field Effect did not observe any available proof-of-concept exploit code for CVE-2023-4044; however, the flaw was just announced. It’s possible that threat actors could attempt to reverse engineer the patches to develop an exploit to deploy against unpatched WS_FTP servers in the future.
Secure data transfer services, such as MOVEit and FTP servers, are popular targets for exploitation, given the nature of the data they secure and the desirable list of organizations using them. Including MOVEit Transfer, four of the 10 most popular secure file transfer services have already been breached by threat actors, suggesting this pattern is likely to continue.
Mitigation
Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities in software such as WS_FTP. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate threat activity. Covalence users are automatically notified when vulnerable software, such as WS_FTP, is detected in their environment.
Field Effect recommends that organizations apply the appropriate mitigation measures and patch any affected versions of MOVEit Transfer and WS_FTP as soon as possible according to the instructions issued by Progress.
If your organization uses a secure data transfer service, ensure proper mitigations are in place to detect unauthorized access, misconfigurations, and data theft before a vulnerability is officially announced.