CVE-2022-36968 - Multiple CSRF on WS_FTP lead to RCE

1. Vulnerability Properties

Title: Multiple CSRF on WS_FTP lead to RCE
CVE ID: CVE-2022-36968
CVSSv3 Base Score: 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
Vendor: Progress
Products: WS_FTP Server
Advisory Release Date: 08-02-22
Advisory URL: https://labs.integrity.pt/advisories/cve-2022-36968
Credits: Discovery by Guilherme Santos (rondons) <guilherme.santos[at]devoteam.com> & Caio Farias (g3n3) <caio.farias[at]devoteam.com>

2. Vulnerability Summary

In WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery attacks. This includes the ability to modify or upload scripts that run when the software is started or when a user logins (or fails to login), leading to Remote Code Execution.

3. Vulnerable Versions

  • < 8.7.3

4. Solution

  • Update to version 8.7.3 or higher

5. Vulnerability Timeline

  • 04/06/22 -Vulnerability reported to Progress via hackerone.
  • 10/06/22 -Vulnerability verified by vendor.
  • 02/08/22 -Vulnerability fixed by vendor and advisory released.

6. References

  • https://community.progress.com/s/article/WS-FTP-Server-Critical-Security-Product-Alert-Bulletin-June-2022
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36968


© 2022 Integrity Part of Devoteam. All rights reserved. | Cookie Policy

Cookie Consent X

Integrity S.A. uses cookies for analytical and more personalized information presentation purposes, based on your browsing habits and profile. For more detailed information, see our Cookie Policy.