First published: Wed Sep 27 2023
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
Credit: security@progress.com
Affected Software | Affected Version | How to fix |
---|---|---|
Progress WS_FTP Server | <8.7.4 | |
Progress WS_FTP Server | >=8.8, <8.8.2 | |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
The severity of CVE-2023-40044 is critical with a severity score of 8.8.
The affected software for CVE-2023-40044 is WS_FTP Server versions prior to 8.7.4 and 8.8.2.
A pre-authenticated attacker can exploit the .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
To fix CVE-2023-40044, you should update your WS_FTP Server to version 8.7.4 or higher, or version 8.8.2 or higher.
For more information about CVE-2023-40044, you can refer to the following references: [Link 1](https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023), [Link 2](https://www.progress.com/ws_ftp).