Main Vulnerability Database Vulnerabilities #VU81276

Path traversal in WS_FTP - CVE-2023-42657

Published: September 29, 2023

Vulnerability identifier: #VU81276

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-42657

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
WS_FTP

Software vendor:
Progress Software Corporation

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user can escape the context of the WS_FTP Server file structure and perform file operations on any file on the underlying system.

Remediation

Install update from vendor's website.

External links

https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023

Path traversal in WS_FTP - CVE-2023-42657

Description

Remediation

External links

Please verify you're human