WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability
CVE-2023-40044
Key Information:
- Vendor
Progress Software
- Status
- Vendor
- CVE Published:
- 27 September 2023
Badges
What is CVE-2023-40044?
A significant security vulnerability exists in the WS_FTP Server Ad Hoc Transfer module, affecting versions prior to 8.7.4 and 8.8.2. This vulnerability stems from improper .NET deserialization, allowing pre-authenticated attackers to execute arbitrary commands on the WS_FTP Server's operating system, potentially leading to unauthorized access and control over affected systems. Immediate action is recommended to mitigate risks associated with this severe flaw.
CISA has reported CVE-2023-40044
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-40044 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
WS_FTP Server 8.8.0
WS_FTP Server 8.8.0 < 8.8.2
WS_FTP Server 8.7.0 < 8.7.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Security AffairsCVE-2023-40044WS_FTP flaw CVE-2023-40044 actively exploited in the wild
Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Software’s WS_FTP products.
References
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 🦅
CISA Reported
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by Security Affairs
Vulnerability published
Vulnerability Reserved