Skip to main content

Ws Ftp Server CVE-2024-7745

HIGH
Authentication Bypass by Spoofing (CWE-290)
2024-08-28 security@progress.com
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 28, 2024 - 17:15 nvd
HIGH 8.1

DescriptionNVD

In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.

AnalysisAI

In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-290. In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. Affected products include: Progress Ws Ftp Server. Version information: before 8.8.8.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-40044 HIGH POC
8.8 Sep 27

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization v

CVE-2019-12144 CRITICAL
9.8 Jun 11

An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rated critical severit

CVE-2023-42657 CRITICAL
9.6 Sep 27

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. Rated critical s

CVE-2019-12146 CRITICAL
9.1 Jun 11

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rat

CVE-2023-42659 HIGH
8.8 Nov 07

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. Rated high sev

CVE-2019-12145 HIGH
7.5 Jun 11

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rat

CVE-2023-40046 HIGH
7.2 Sep 27

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager in

CVE-2023-24029 HIGH
7.2 Feb 03

In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the admini

CVE-2024-7744 MEDIUM
6.5 Aug 28

In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path

CVE-2023-40048 MEDIUM
6.5 Sep 27

In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSR

CVE-2024-1474 MEDIUM
6.1 Feb 21

In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user suppl

CVE-2023-40045 MEDIUM
6.1 Sep 27

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FT

Share

CVE-2024-7745 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy