Skip to main content
close search
site logo

Multiple exploits hit Progress Software’s WS_FTP Server

A Progress spokesperson criticized unnamed third parties for releasing a proof of concept that “provided threat actors a roadmap on how to exploit the vulnerabilities.”

Published Oct. 3, 2023
Matt Kapko's headshot
Senior Reporter
Exclamation mark depicted over code.
WhataWin/Getty Images via Getty Images

Multiple active exploits of Progress Software’s WS_FTP Server occurred Saturday, according to Rapid7 research.

The attacks took place three days after the company behind the beleaguered MOVEit tool quietly alerted customers to eight vulnerabilities, including two critical, in the file-transfer service.

"The activity our team saw was successful exploitation in real-world environments,” Caitlin Condon, senior manager of vulnerability research at Rapid7, said via email.

Researchers “observed a small number of incidents, all of which occurred the evening of Sept. 30. We haven’t seen any new activity since then,” Condon said.

The exploits hit two of the eight vulnerabilities, CVE-2023-40044 and CVE-2023-42657, which are critical with CVSS scores of 10 and 9.9 out of 10, respectively, according to Rapid7’s research.

“We have not seen any data exfiltration, and all incidents appear to have been contained for the time being,” Condon said.

Progress has read the research, but did not say if it could independently confirm active exploits or attacks.

A company spokesperson criticized unnamed third parties for releasing a proof of concept, reverse-engineered from the vulnerabilities’ disclosure and patch.

Proof of concept exploit code for CVE-2023-40044 was publicly available as of Friday evening, according to Rapid7.

“This provided threat actors a roadmap on how to exploit the vulnerabilities while many of our customers were still in the process of applying the patch,” the spokesperson said.

“We are not aware of any evidence that these vulnerabilities were being exploited prior to that release,” the spokesperson said. “Unfortunately, by building and releasing a POC rapidly after our patch was released, a third party has given cyber criminals a tool to attempt attacks against our customers.”

Progress disclosed the vulnerabilities in WS_FTP Server three months after it disclosed and patched a widely exploited zero-day vulnerability in MOVEit, another file-transfer service.

The company has borne minimal business impact from Clop’s mass exploit of the zero-day vulnerability in MOVEit, despite supply chain compromises that have affected more than 2,100 organizations.

"The security of our customers is our top priority and we continue to work with our customers and responsible third-party research experts to discover, properly disclose and remediate any issues,” the Progress spokesperson said.

Editors' picks

Company Announcements

View all | Post a press release
Abbott Laboratories Employees Credit Union (“ALEC”) Data Breach Investigation
From Migliaccio and Rathod LLP
October 21, 2024
Varsity Brands Data Breach Investigation
From Migliaccio and Rathod LLP
October 15, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Tech Ambitions Collide with Reality: 2025 Technology Impact Report Exposes Critical Readiness…
From Omnia Strategy Group, LLC
October 21, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell