Skip to main content
close search
site logo

Multiple exploits hit Progress Software’s WS_FTP Server

A Progress spokesperson criticized unnamed third parties for releasing a proof of concept that “provided threat actors a roadmap on how to exploit the vulnerabilities.”

Published Oct. 3, 2023
Matt Kapko's headshot
Senior Reporter
Exclamation mark depicted over code.
WhataWin/Getty Images via Getty Images

Multiple active exploits of Progress Software’s WS_FTP Server occurred Saturday, according to Rapid7 research.

The attacks took place three days after the company behind the beleaguered MOVEit tool quietly alerted customers to eight vulnerabilities, including two critical, in the file-transfer service.

"The activity our team saw was successful exploitation in real-world environments,” Caitlin Condon, senior manager of vulnerability research at Rapid7, said via email.

Researchers “observed a small number of incidents, all of which occurred the evening of Sept. 30. We haven’t seen any new activity since then,” Condon said.

The exploits hit two of the eight vulnerabilities, CVE-2023-40044 and CVE-2023-42657, which are critical with CVSS scores of 10 and 9.9 out of 10, respectively, according to Rapid7’s research.

“We have not seen any data exfiltration, and all incidents appear to have been contained for the time being,” Condon said.

Progress has read the research, but did not say if it could independently confirm active exploits or attacks.

A company spokesperson criticized unnamed third parties for releasing a proof of concept, reverse-engineered from the vulnerabilities’ disclosure and patch.

Proof of concept exploit code for CVE-2023-40044 was publicly available as of Friday evening, according to Rapid7.

“This provided threat actors a roadmap on how to exploit the vulnerabilities while many of our customers were still in the process of applying the patch,” the spokesperson said.

“We are not aware of any evidence that these vulnerabilities were being exploited prior to that release,” the spokesperson said. “Unfortunately, by building and releasing a POC rapidly after our patch was released, a third party has given cyber criminals a tool to attempt attacks against our customers.”

Progress disclosed the vulnerabilities in WS_FTP Server three months after it disclosed and patched a widely exploited zero-day vulnerability in MOVEit, another file-transfer service.

The company has borne minimal business impact from Clop’s mass exploit of the zero-day vulnerability in MOVEit, despite supply chain compromises that have affected more than 2,100 organizations.

"The security of our customers is our top priority and we continue to work with our customers and responsible third-party research experts to discover, properly disclose and remediate any issues,” the Progress spokesperson said.

Editors' picks

Company Announcements

View all | Post a press release
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell