CVE-2023-40044

Summary

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.

Affected Software

VendorProductVersion RangeStatus
Progress Software CorporationWS_FTP Server8.8.0 < 8.8.2affected
Progress Software CorporationWS_FTP Server8.7.0 < 8.7.4affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References