CVE-2023-40044

Progress | WS_FTP ServerAdded 2023-10-05Remediation Deadline 2023-10-26Active Ransomware Campaign

Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability

Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weakness Classification

CWE-502

References

https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
https://nvd.nist.gov/vuln/detail/CVE-2023-40044

Cybersecurity Alerts

CVE-2023-40044

Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability

Required Action

Weakness Classification

References