CVE-2023-42659: 
WS_FTP Server vulnerability analysis and mitigation

A critical vulnerability (CVE-2023-42659) was identified in Progress Software's WSFTP Server versions prior to 8.7.6 and 8.8.4. The vulnerability is an unrestricted file upload flaw that allows authenticated Ad Hoc Transfer users to craft API calls enabling them to upload files to arbitrary locations on the underlying operating system hosting the WSFTP Server application (NVD, SecurityOnline).

The vulnerability has been assigned a CVSS v3.1 base score of 9.1 (Critical) by Progress Software Corporation, with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L. The NVD has assigned a slightly different score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) (NVD).

The vulnerability could potentially grant attackers unrestricted access to sensitive data and compromise entire systems through the ability to upload files to arbitrary locations on the operating system hosting the WSFTP Server application ([SecurityOnline](https://securityonline.info/cve-2023-42659-critical-vulnerability-discovered-in-progress-wsftp-server/)).

Progress Software has released patches to address this vulnerability. Users are strongly advised to upgrade to versions 8.7.6 or 8.8.4 or later. The upgrade process will temporarily halt the WSFTP Server service, so it is recommended to schedule the update during a period of low system usage and create a full backup of the WSFTP Server configuration before proceeding (SecurityOnline).