Lucene search

[email protected]NVD:CVE-2023-42657

HistorySep 27, 2023 - 3:19 p.m.

CVE-2023-42657

2023-09-2715:19:32

CWE-22

[email protected]

web.nvd.nist.gov

ws_ftp server

directory traversal

vulnerability

file operations

delete

rename

rmdir

mkdir

attacker

unauthorized access

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.

Affected configurations

Nvd

Node

progressws_ftp_serverRange<8.7.4

progressws_ftp_serverRange8.8.0–8.8.2

VendorProductVersionCPE
progressws_ftp_server*cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
progress	ws_ftp_server	*	cpe:2.3:a:progress:ws_ftp_server::::::::

References

community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023

www.progress.com/ws_ftp

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

Related for NVD:CVE-2023-42657

vulnrichment1 prion1 cvelist1 cve1 nessus1 thn1 rapid7blog1