
Users of Progress Software WS_FTP Server Urged to Immediately Upgrade

Progress Software, the company behind the MOVEit Transfer file transfer solution that was recently subject to mass hacking and data theft attacks by the Clop threat group, has issued a warning to all users of its WS_FTP Server file transfer software to apply patches to fix 8 vulnerabilities, including two critical flaws that can be exploited in low-complexity attacks that require no user interaction. The vulnerabilities affect the WS_FTP Server Ad hoc Transfer Module and the WS_FTP Server Manager interface.

  • CVE-2023-40444 (CVSS: 10) is a maximum-severity remote code execution vulnerability that affects all versions of WS_FTP Server prior to 8.7.4 and 8.8.2. A pre-authenticated attacker could exploit a .NET deserialization vulnerability in the Ad hoc Transfer Module and remotely execute commands on the underlying WS_FTP Server operating system.
  • CVE-2023-42657 (CVSS: 9.9) is a critical directory traversal vulnerability that affects all versions of WS_FTP Server prior to 8.7.4 and 8.8.2. Successful exploitation of the vulnerability would allow an attacker to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. An attacker could also escape the context of the WS_FTP Server file structure and perform the same level of operations on file and folder locations on the underlying operating system.
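The directory traversal flaw above comes down to a missing containment check: every path a client supplies to delete, rename, rmdir or mkdir must be resolved against the account's authorized folder and rejected if it lands outside it. The following is an added illustration of that check, not code from Progress Software or WS_FTP Server; the root path, operation names and sample paths are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote

# Constructed example: the per-account "authorized folder" a WS_FTP-style
# server confines each user to. Every path below is a made-up sample.
USER_ROOT = "/srv/ftp/users/alice"

# The four operations the advisory names as affected by the traversal flaw.
ALLOWED_OPS = {"delete", "rename", "rmdir", "mkdir"}


def resolve_in_root(root: str, requested: str) -> str:
    """Map a client-supplied path onto the user's root; refuse anything that escapes it.

    Returns the normalized absolute path, or raises ValueError on traversal.
    The check is purely lexical (no filesystem access); symlinks inside the
    root still need a separate realpath check at the point of use.
    """
    root_norm = posixpath.normpath(root)
    # Decode percent-encoding exactly once, fold Windows separators, and treat
    # the client path as relative to the root even when it starts with "/".
    rel = unquote(requested).replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root_norm, rel))
    # Containment test: equal to the root, or strictly below it. Comparing
    # against root + "/" (not a bare prefix) stops ".../alice2" matching ".../alice".
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        raise ValueError(f"path escapes authorized folder: {requested!r}")
    return candidate


def is_confined(root: str, requested: str) -> bool:
    """Boolean form of resolve_in_root, handy for policy checks and tests."""
    try:
        resolve_in_root(root, requested)
        return True
    except ValueError:
        return False


def authorize_file_op(op: str, *paths: str, root: str = USER_ROOT) -> list[str]:
    """Validate every path argument of a delete/rename/rmdir/mkdir request
    before it reaches the filesystem; rename passes two paths, the rest one."""
    if op not in ALLOWED_OPS:
        raise ValueError(f"unsupported operation: {op}")
    return [resolve_in_root(root, p) for p in paths]


if __name__ == "__main__":
    print(authorize_file_op("mkdir", "reports/2023"))           # stays inside the root
    print(is_confined(USER_ROOT, "../bob/private.txt"))         # False
    print(is_confined(USER_ROOT, "%2e%2e/%2e%2e/etc/passwd"))   # False
```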

The latest patches include fixes for three high-severity vulnerabilities:

  • CVE-2023-40045 (CVSS: 8.3) is a reflected cross-site scripting (XSS) vulnerability affecting all versions prior to 8.7.4 and 8.8.2. The vulnerability could be exploited to target WS_FTP Server users with a specialized payload that allows the execution of malicious JavaScript within the context of the victim’s browser.
  • CVE-2023-40046 (CVSS: 8.2) is a SQL injection vulnerability affecting all versions prior to 8.7.4 and 8.8.2. An attacker could exploit the vulnerability and infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements.
  • CVE-2023-40047 (CVSS: 8.3) is a stored cross-site scripting vulnerability affecting all versions prior to 8.8.2. An attacker with administrative privileges could import an SSL certificate with malicious attributes containing XSS payloads, and once installed could target WS_FTP Server admins with a specialized payload that results in the execution of malicious JavaScript within the context of the victim’s browser.

Patches have also been released to fix three medium-severity vulnerabilities:

  • CVE-2023-40048 (CVSS: 6.8) is a cross-site request forgery (CSRF) vulnerability.
  • CVE-2022-27665 (CVSS: 6.1) is a reflected XSS vulnerability.
  • CVE-2023-40049 (CVSS: 5.3) is an information disclosure vulnerability.

Progress Software has recommended that all users immediately upgrade to the latest version (8.8.2) using the full installer, as this is the only way the vulnerabilities can be fully remediated. Users of unsupported versions should upgrade to a fixed version of a supported product. Upgrading will cause an outage while the upgrade is running. If it is not possible to upgrade immediately, Progress Software says the Ad hoc Transfer Module vulnerability can be mitigated by removing the WS_FTP Server Ad hoc Transfer Module if it is not being used.


“We have responsibly disclosed these vulnerabilities in conjunction with the researchers at Assetnote,” explained a spokesperson for Progress Software. “Currently, we have not seen any indication that these vulnerabilities have been exploited. We have issued a fix and have encouraged our customers to perform an upgrade to the patched version of our software. Security is of the utmost importance to us and we leverage development practices to minimize product vulnerabilities whenever possible.”

Vulnerabilities in file transfer solutions are actively sought by threat actors. The Clop group mass exploited vulnerabilities in two such solutions this year – Progress Software’s MOVEit Transfer solution and Fortra’s GoAnywhere MFT. The Clop group exploited the MOVEit Transfer vulnerability in attacks on at least 2,100 organizations and exfiltrated the data of more than 62 million individuals.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
