CVE-2024-7744: 
WS_FTP Server vulnerability analysis and mitigation

CVE-2024-7744 is a path traversal vulnerability discovered in WS_FTP Server versions before 8.8.8 (2022.0.8). The vulnerability exists in the Web Transfer Module where an authenticated user can craft an API call that allows them to download files from arbitrary folders on the drive where the user host's root folder is located (by default C:) (NVD).

The vulnerability is classified as an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability (CWE-22). It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility, low attack complexity, and requiring low privileges (NVD, ZDI).

The vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WS_FTP. An attacker can leverage this vulnerability to disclose information in the context of NETWORK SERVICE (ZDI).

Progress Software has released version 8.8.8 (2022.0.8) to address this vulnerability. Users are advised to upgrade to the latest version to mitigate the risk (NVD, Progress Community).