CVE-2023-42659 - Vulnerability Details - OpenCVE

Description

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.

Published: 2023-11-07

Score: 9.1 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Progress Software Corporation

WS_FTP Server

affected

Version	Status	Constraints
`8.8.0`	affected	< 8.8.4
`8.7.0`	affected	< 8.7.6

Configuration 1 [-]

OR	cpe:2.3:a:progress:ws_ftp_server::::::::
	cpe:2.3:a:progress:ws_ftp_server::::::::

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-47092	In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00036.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023
https://www.progress.com/ws_ftp

History

No history.

Subscriptions

Progress Ws Ftp Server

MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published: 2023-11-07T15:13:40.001Z

Updated: 2024-09-04T15:24:41.092Z

Reserved: 2023-09-12T13:30:29.571Z

Link: CVE-2023-42659

Vulnrichment

Updated: 2024-08-02T19:23:40.175Z

NVD

Status : Modified

Published: 2023-11-07T16:15:28.923

Modified: 2024-11-21T08:22:54.320

Link: CVE-2023-42659

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-434

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42659", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2023-09-12T13:30:29.571Z", "datePublished": "2023-11-07T15:13:40.001Z", "dateUpdated": "2024-09-04T15:24:41.092Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Ad Hoc Transfer Module"], "product": "WS_FTP Server", "vendor": "Progress Software Corporation", "versions": [{"lessThan": "8.8.4", "status": "affected", "version": "8.8.0", "versionType": "semver"}, {"lessThan": "8.7.6", "status": "affected", "version": "8.7.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(252, 252, 252);\">In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.<br></span>"}], "value": "\nIn WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.\n"}], "impacts": [{"capecId": "CAPEC-17", "descriptions": [{"lang": "en", "value": "CAPEC-17 Using Malicious Files"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2023-11-07T15:13:40.001Z"}, "references": [{"tags": ["product"], "url": "https://www.progress.com/ws_ftp"}, {"tags": ["vendor-advisory"], "url": "https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023"}], "source": {"discovery": "UNKNOWN"}, "title": "WS_FTP Server Arbitrary File Upload", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:23:40.175Z"}, "title": "CVE Program Container", "references": [{"tags": ["product", "x_transferred"], "url": "https://www.progress.com/ws_ftp"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T15:17:10.115964Z", "id": "CVE-2023-42659", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T15:24:41.092Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.progress.com/ws_ftp", "tags": ["product", "x_transferred"]}, {"url": "https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:23:40.175Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-42659", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T15:17:10.115964Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T15:24:37.632Z"}}], "cna": {"title": "WS_FTP Server Arbitrary File Upload", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-17", "descriptions": [{"lang": "en", "value": "CAPEC-17 Using Malicious Files"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Progress Software Corporation", "modules": ["Ad Hoc Transfer Module"], "product": "WS_FTP Server", "versions": [{"status": "affected", "version": "8.8.0", "lessThan": "8.8.4", "versionType": "semver"}, {"status": "affected", "version": "8.7.0", "lessThan": "8.7.6", "versionType": "semver"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.progress.com/ws_ftp", "tags": ["product"]}, {"url": "https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nIn WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(252, 252, 252);\">In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.<br></span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2023-11-07T15:13:40.001Z"}}}, "cveMetadata": {"cveId": "CVE-2023-42659", "state": "PUBLISHED", "dateUpdated": "2024-09-04T15:24:41.092Z", "dateReserved": "2023-09-12T13:30:29.571Z", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "datePublished": "2023-11-07T15:13:40.001Z", "assignerShortName": "ProgressSoftware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8424B148-39EF-483E-81F3-25A2FFF83CE6", "versionEndExcluding": "8.7.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "23DE01DB-BA5C-4064-88B3-99B228E1E7C9", "versionEndExcluding": "8.8.4", "versionStartIncluding": "8.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nIn WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.\n"}, {"lang": "es", "value": "WS_FTP Server en las versiones anteriores a 8.7.6 y 8.8.4, se identific\u00f3 una falla en la carga de archivos sin restricciones. Un usuario autenticado de Ad Hoc Transfer tiene la capacidad de crear una llamada API que le permite cargar un archivo en una ubicaci\u00f3n espec\u00edfica en el sistema operativo subyacente que aloja la aplicaci\u00f3n del servidor WS_FTP."}], "id": "CVE-2023-42659", "lastModified": "2024-11-21T08:22:54.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "security@progress.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-07T16:15:28.923", "references": [{"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023"}, {"source": "security@progress.com", "tags": ["Product"], "url": "https://www.progress.com/ws_ftp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.progress.com/ws_ftp"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@progress.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}