2023-10-02
Researchers Say WS_FTP Server Vulnerabilities are Being Actively Exploited
It appears that criminals are now actively exploiting vulnerabilities in Progress Software’s WS_FTP Server. Progress released updates to address eight vulnerabilities in the software last week. On September 30, researchers from Rapid7 noticed “exploitation of one or more recently disclosed WS_FTP vulnerabilities in multiple customer environments.”
Editor's Note
An exploit has been made available publicly. No reason to believe that this is not already being exploited.
Johannes Ullrich
You already applied the patches to WS_FTP, right? The vulnerability and POC exploit code are both out there. And Progress Software lists their high-profile customers on their website, simplifying target selection. On top of all that, Progress is dealing with a bunch of lawsuits after the MOVEit breach, which is going to, at best, impact their ability to respond to additional issues, building the case to find an alternate solution.
Lee Neely
Roughly 72 hours from patch release (vulnerability) to active exploit. A useful metric for defenders as they evaluate patches before introducing them into their environment. Part of me wonders if the CVSS score that usually accompanies a vulnerability announcement helps evil-doers prioritize their workload. In this case, a vulnerability with a CVSS score of 10 certainly gets attention from both attacker and defender.
Curtis Dukes
WS_FTP is not the option I would choose for an FTP today. There are many more robust and more straightforward options. So, who is using this software today? Are those environments easier to breach than others? This software package is also maintained by the same company that maintains MOVEit. Where there was smoke, there was plenty of fire.
Moses Frost
Read more in
The Register: Security researchers believe mass exploitation attempts against WS_FTP have begun
Security Week: Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw
Gov Infosecurity: Alert: Attackers Actively Exploiting WS_FTP Vulnerabilities
Rapid7: Critical Vulnerabilities in WS_FTP Server
Progress: WS_FTP Server Critical Vulnerability - (September 2023)