CVE-2023-42657

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered.  An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path.  Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:22

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.6
v2 : unknown
v3 : 9.9
References () https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 - Vendor Advisory () https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 - Vendor Advisory
References () https://www.progress.com/ws_ftp - Product () https://www.progress.com/ws_ftp - Product

29 Sep 2023, 14:34

Type Values Removed Values Added
CPE cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*
First Time Progress
Progress ws Ftp Server
References (MISC) https://www.progress.com/ws_ftp - (MISC) https://www.progress.com/ws_ftp - Product
References (MISC) https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 - (MISC) https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 - Vendor Advisory
CWE CWE-22
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.6

27 Sep 2023, 16:21

Type Values Removed Values Added
Summary In WS_FTP Server version 8.7.0 prior to 8.7.4 and version 8.8.0 prior to 8.8.2, a directory traversal vulnerability was discovered.  An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path.  Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system. In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered.  An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path.  Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.

27 Sep 2023, 15:40

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-27 15:19

Updated : 2024-11-21 08:22


NVD link : CVE-2023-42657

Mitre link : CVE-2023-42657

CVE.ORG link : CVE-2023-42657


JSON object : View

Products Affected

progress

  • ws_ftp_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')