Security researchers have spotted evidence of mass exploitation of vulnerabilities in Progress Software’s WS_FTP Server file-sharing platform.
The file-sharing server has a maximum-severity remote code execution vulnerability that attackers can exploit using a simple HTTP request. The security researchers who discovered and reported the flaw published a blog post with a proof-of-concept exploit and additional technical details last weekend. This was two days after Progress Software released its security advisory on the vulnerability. Not long after the proof-of-concept blog post was published, evidence of exploitation of the vulnerability could be seen across multiple instances of WS_FTP. In fact, it was roughly 72 hours from patch release to active exploitation.
For defenders, that means we don’t have much time to patch our systems before exploitation commences. And it doesn’t help that Progress Software lists its high-profile customers on its website, which simplifies target selection. A Shodan search has shown that over 2,000 devices are running WS_FTP servers that are accessible over the internet.
A Progress spokesperson released a statement expressing disappointment at how quickly third parties had released proofs of concept for the vulnerability, as it provided threat actors a roadmap on how to exploit the vulnerabilities while many of the company's customers were still in the process of applying the patch.
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
https://www.theregister.com/2023/10/02/ws_ftp_update/
https://www.govinfosecurity.com/alert-attackers-actively-exploiting-wsftp-vulnerabilities-a-23200
https://www.bleepingcomputer.com/news/security/exploit-available-for-critical-ws-ftp-bug-exploited-in-attacks/
This segment was created for the It’s 5:05 podcast