PT-2023-5770 · Ipswitch · Ws Ftp Server
Published
2023-09-12
·
Updated
2023-10-10
·
CVE-2023-42657
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WS FTP Server versions prior to 8.7.4 and 8.8.2
Description
A directory traversal vulnerability was discovered in WS FTP Server, allowing an attacker to perform file operations such as delete, rename, rmdir, and mkdir on files and folders outside of their authorized WS FTP folder path. Attackers could also escape the context of the WS FTP Server file structure and perform the same level of operations on file and folder locations on the underlying operating system.
Recommendations
For WS FTP Server versions prior to 8.7.4, update to version 8.7.4 or later.
For WS FTP Server versions prior to 8.8.2, update to version 8.8.2 or later.
As a temporary workaround, consider restricting access to sensitive files and folders to minimize the risk of exploitation.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ws Ftp Server