CVE-2023-40044

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 27, 2023

Updated: Oct 13, 2023

CWE ID 502

Summary

CVE-2023-40044 is a pre-authentication vulnerability affecting WS_FTP Server versions before 8.7.4 and 8.8.2. An attacker can exploit a .NET deserialization issue in the Ad Hoc Transfer module to run remote commands on the underlying WS_FTP Server operating system without needing valid login credentials. Successful exploitation could result in serious system compromise. This vulnerability underscores the importance of promptly applying security patches to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Progress Ws Ftp Server

Affected Vendors

Progress Publishers

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sRJaIP
https://www.cve.org/CVERecord?id=CVE-2023-40044
https://nvd.nist.gov/vuln/detail/CVE-2023-40044

Back to Vulnerability Database