
Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software.
The company says thousands of IT teams worldwide use its enterprise-grade WS_FTP Server secure file transfer software.
In an advisory published on Wednesday, Progress disclosed multiple vulnerabilities impacting the software’s manager interface and Ad Hoc Transfer Module.
Out of all WS_FTP Server security flaws patched this week, two were rated as critical, with the one tracked as CVE-2023-40044 receiving a maximum 10/10 severity rating and allowing unauthenticated attackers to execute remote commands after successful exploitation of a .NET deserialization vulnerability in the Ad Hoc Transfer module.
The other critical bug (CVE-2023-42657) is a directory traversal vulnerability that allows attackers to perform file operations outside the authorized WS_FTP folder path.
“Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system,” Progress said.
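The traversal bug described above comes down to a missing confinement check: the server accepts a client-supplied path and performs delete, rename, rmdir or mkdir on wherever it resolves. The following is an added example, not code from the article or from WS_FTP Server, showing the defensive check a file-transfer service needs before any such operation: reject absolute and drive-letter paths, canonicalize the rest (following symlinks), and refuse anything that lands outside the authorized root. The root layout, the request strings and the function names are constructed for illustration; it assumes a POSIX host, since the demo creates a symlink.

```python
from __future__ import annotations

import os
import tempfile


class PathEscapeError(ValueError):
    """Raised when a client-supplied path would leave the authorized folder."""


def resolve_within_root(root: str, client_path: str) -> str:
    """Map a client-supplied relative path to an absolute path under root.

    Rejects absolute paths, Windows drive-letter paths, NUL bytes, and any
    '..' sequence or symlink that resolves outside root. Returns the real
    (symlink-free) absolute path the operation may act on.
    """
    # Clients of a Windows file server may send backslashes; treating both
    # characters as separators is the conservative choice for this check.
    normalized = client_path.replace("\\", "/")
    if "\x00" in normalized:
        raise PathEscapeError("NUL byte in path")
    if normalized.startswith("/") or (len(normalized) > 1 and normalized[1] == ":"):
        raise PathEscapeError(f"absolute path not allowed: {client_path!r}")

    root_real = os.path.realpath(root)
    # realpath collapses '.' and '..' and follows symlinks, so a link inside
    # the root that points outside it is caught as well as a plain '..' escape.
    target = os.path.realpath(os.path.join(root_real, normalized))

    # commonpath compares whole components, so '/srv/root2' is not mistaken
    # for a child of '/srv/root' the way a startswith() prefix test would be.
    if os.path.commonpath([root_real, target]) != root_real:
        raise PathEscapeError(f"path escapes authorized folder: {client_path!r}")
    return target


def check_requests(root: str, requests: list[str]) -> dict[str, bool]:
    """Return {client_path: allowed} for a batch of requested paths."""
    results: dict[str, bool] = {}
    for request in requests:
        try:
            resolve_within_root(root, request)
            results[request] = True
        except PathEscapeError:
            results[request] = False
    return results


def demo() -> dict[str, bool]:
    """Build a constructed root with an escaping symlink and classify sample requests."""
    root = tempfile.mkdtemp(prefix="ftp_root_")
    outside = tempfile.mkdtemp(prefix="outside_")
    os.makedirs(os.path.join(root, "uploads"))
    # A symlink inside the root that points outside it (constructed).
    os.symlink(outside, os.path.join(root, "uploads", "link"))

    sample_requests = [
        "uploads/report.txt",          # ordinary file under the root
        "uploads/./a/../b.txt",        # harmless '..' that stays inside
        "uploads/../../etc/passwd",    # classic traversal
        "..\\..\\Windows\\win.ini",    # traversal with backslashes
        "/etc/passwd",                 # absolute path
        "C:\\Windows\\win.ini",        # drive-letter path
        "uploads/link/secret.txt",     # escape via symlink
    ]
    return check_requests(root, sample_requests)


if __name__ == "__main__":
    for path, allowed in demo().items():
        print(f"{'ALLOW ' if allowed else 'REJECT'} {path!r}")
```

The important design point is that the decision is made on the fully resolved path, not on the string the client sent: string filters for `..` miss symlinks and encoding tricks, while `realpath` plus a component-wise `commonpath` comparison answers the only question that matters, namely where the operation would actually land.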
According to the company’s CVSS:3.1 rating for both vulnerabilities, attackers can exploit them in low-complexity attacks that do not require user interaction.
“We have addressed the vulnerabilities above and the Progress WS_FTP team strongly recommends performing an upgrade,” Progress warned.
“We do recommend upgrading to the highest version which is 8.8.2. Upgrading to a patched release, using the full installer, is the only way to remediate this issue. There will be an outage to the system while the upgrade is running.”
The company also shared information on how to remove or disable the vulnerable WS_FTP Server Ad Hoc Transfer Module if it isn’t being used.
2,100 successful MOVEit data theft attacks and counting
Progress is still grappling with the aftermath of an extensive series of data theft attacks following the exploitation of a zero-day in the MOVEit Transfer secure file transfer platform by the Clop ransomware gang starting May 27.
As per estimates shared by security firm Emsisoft on Monday, the fallout of these attacks has affected more than 2,100 organizations and over 62 million individuals.
Despite the broad scope and the large number of victims, Coveware’s estimates suggest that only a limited number are likely to succumb to Clop’s ransom demands. Still, the cybercriminal group is expected to collect an estimated $75-100 million in payments because of its high ransom demands.
Moreover, reports have also surfaced indicating that multiple U.S. federal agencies and two entities under the U.S. Department of Energy (DOE) have fallen victim to Clop’s data theft attacks.
Clop has been linked to several high-impact data theft and extortion campaigns targeting other managed file transfer platforms, including Accellion FTA servers in December 2020, the 2021 SolarWinds Serv-U Managed File Transfer attacks, and the mass exploitation of a GoAnywhere MFT zero-day in January 2023.
On Tuesday, Progress Software reported a 16% year-over-year revenue increase for its fiscal third quarter that ended on August 31, 2023, in an 8-K form filed with the U.S. Securities and Exchange Commission.
Progress excluded “certain expenses resulting from the zero-day MOVEit Vulnerability” from the report as it intends “to provide more details regarding the MOVEit Vulnerability in our Form 10-Q for the quarter ended August 31, 2023.”