Progress, the developer of WS_FTP, has issued a warning about multiple critical vulnerabilities in WS_FTP Server. Users are advised to update to versions 8.7.4 and 8.8.2 or reconfigure their settings to disable the vulnerable modules.
There are two critical vulnerabilities:
1. CVE-2023-40044 – A vulnerability in the WS_FTP Server Ad hoc Transfer module. System administrators should disable this module if not in use or expedite the update.
2. CVE-2023-42657 – A vulnerability that allows malicious users with access privileges to send commands in unauthorized folders.
Progress, known for developing the MOVEit program, may not be widely recognized, but it has gained popularity in large organizations. However, these vulnerabilities have resulted in data breaches.
TLDR: Progress notifies users about critical vulnerabilities in WS_FTP Server, urging them to update to recommended versions or disable vulnerable modules. These vulnerabilities can lead to unauthorized access and data breaches.