Protect Your Files with WS_FTP Server – Update Now!

CVECVE-2023-42657
CVSScvssV3_1: 9.9
SourceCVE-2023-42657

WS_FTP Server is a popular file transfer program used by many businesses and individuals. Unfortunately, a serious vulnerability was discovered that could allow hackers to access and delete files they shouldn’t have access to.

The vulnerability is a directory traversal issue, which means a hacker could manipulate parts of the file path to access files outside their designated folder. This would let them browse, delete or modify any file on the server, even in restricted areas.

Attackers could exploit this vulnerability by crafting special file paths and sending them to the WS_FTP Server program. If an outdated version was being used, it wouldn’t properly validate the paths and would allow the hacker to perform operations like deleting files that they normally wouldn’t have permission for.

This puts sensitive business documents, customer information, source code and other important data at risk of being accessed, stolen or deleted by malicious actors. Since the vulnerability works by escaping the intended folder structure, it’s a very serious security issue.

The good news is that updates are available to fix the problem. WS_FTP Server released patches in versions 8.7.4 and 8.8.2 that resolve the vulnerability. If you use WS_FTP Server to transfer or host files, be sure to update immediately to the latest version to protect your data. Regularly applying software updates is also important for maintaining security.

References