Progress Software’s Inaction Leads to Mass Hacks of WS_FTP Servers

Recently, Progress Software notified its customers of a critical vulnerability discovered in the WS_FTP Server software, which is used by numerous IT teams worldwide. The vulnerability, designated CVE-2023-4004 with a CVSS score of 10, was identified by information security specialists from Assetnote.

In an official statement, the WS_FTP team addressed the vulnerabilities found in the Ad Hoc Transfer module and the WS_FTP Server control interface. These vulnerabilities affect all versions of WS_FTP Server. The weaknesses are associated with deserialization in the .NET platform, which includes several key components such as the .NET execution environment, .NET classes, and programming language compilers.

.NET is widely used for developing diverse applications, including desktop, web, and mobile applications, as well as games and web server services.
