CVE-2023-42657
CRITICAL EXPLOITEDWS_FTP Server < 8.7.4 - Path Traversal and Arbitrary File Operations
Title source: llmExploitation Summary
CVE-2023-42657 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.
References (2)
Core 2
Core References
Product product
https://www.progress.com/ws_ftp
Vendor Advisory vendor-advisory
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
Scores
CVSS v3
9.9
EPSS
0.0060
EPSS Percentile
69.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
VulnCheck KEV
2023-10-09
CWE
CWE-22
Status
published
Products (1)
progress/ws_ftp_server
< 8.7.4
Published
Sep 27, 2023
Tracked Since
Feb 18, 2026