CVE-2023-42657
WS_FTP Server Directory Traversal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.
En las versiones del servidor WS_FTP anteriores a 8.7.4 y 8.8.2, se descubrió una vulnerabilidad de directory traversal. Un atacante podría aprovechar esta vulnerabilidad para realizar operaciones de archivos (delete, rename, rmdir, mkdir) en archivos y carpetas fuera de su ruta de carpeta WS_FTP autorizada. Los atacantes también podrían escapar del contexto de la estructura de archivos del servidor WS_FTP y realizar el mismo nivel de operaciones (delete, rename, rmdir, mkdir) en ubicaciones de archivos y carpetas en el sistema operativo subyacente.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-09-12 CVE Reserved
- 2023-09-27 CVE Published
- 2024-09-24 CVE Updated
- 2024-10-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
- CAPEC-126: Path Traversal
References (2)
URL | Tag | Source |
---|---|---|
https://www.progress.com/ws_ftp | Product |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 | 2023-09-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Progress Search vendor "Progress" | Ws Ftp Server Search vendor "Progress" for product "Ws Ftp Server" | < 8.7.4 Search vendor "Progress" for product "Ws Ftp Server" and version " < 8.7.4" | - |
Affected
| ||||||
Progress Search vendor "Progress" | Ws Ftp Server Search vendor "Progress" for product "Ws Ftp Server" | >= 8.8.0 < 8.8.2 Search vendor "Progress" for product "Ws Ftp Server" and version " >= 8.8.0 < 8.8.2" | - |
Affected
|