What is Progress Software WS_FTP?
WS_FTP is a secure file transfer client and server software package from Ipswitch, which is now a part of Progress Software.
What is the Attack?
CVE-2023-40044 is a .NET deserialization vulnerability that affects WS_FTP Server versions prior to 8.7.4 and 8.8.2 with the Ad Hoc Transfer module installed. Successful exploitation of the vulnerability allows unauthenticated attackers to remotely execute commands on the underlying operating system via a specially crafted HTTP request.
CVE-2023-40044 has a CVSS score of 10 (maximum score) and is rated “critical” by Progress Software.
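To act on the affected-version statement above, the following added example (not FortiGuard or Progress Software code) triages a server inventory against CVE-2023-40044. It assumes 8.7.4 and 8.8.2 are the first fixed builds of the 8.7.x and 8.8.x release lines; the CSV column names, hostnames and status labels are hypothetical.

```python
import csv
import io

# Fixed releases named in the advisory. Assumption: they are read as the first
# fixed build of the 8.7.x and 8.8.x release lines respectively.
FIXED = [(8, 7, 4), (8, 8, 2)]

def parse_version(text):
    """Turn '8.7.3' or '8.8' into a 3-tuple of ints, padding with zeros."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_vulnerable_version(text):
    """True if the version predates the fix that applies to its release line."""
    v = parse_version(text)
    for fixed in FIXED:
        if v[:2] == fixed[:2]:
            return v < fixed
    # Not on a patched line: older than every fix means vulnerable,
    # newer than every fix means the fix is already included.
    return v < min(FIXED)

def triage(row):
    """Classify one inventory row against CVE-2023-40044."""
    if not is_vulnerable_version(row["version"]):
        return "patched"
    # The advisory scopes the flaw to servers with the Ad Hoc Transfer module.
    if row["ad_hoc_module"].strip().lower() == "yes":
        return "exposed"
    return "upgrade"  # vulnerable build, affected module not installed

# Constructed sample inventory (hostnames and column names are hypothetical).
SAMPLE = """host,version,ad_hoc_module
ftp-dmz-01,8.7.3,yes
ftp-dmz-02,8.7.4,yes
ftp-int-01,8.8.1,no
ftp-int-02,8.8.2,yes
ftp-old-01,8.6.0,yes
"""

def triage_inventory(text):
    """Map each host in a CSV inventory to its triage status."""
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "exposed" match both conditions in the advisory and should be patched first; "upgrade" hosts run a vulnerable build without the affected module.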
Why is this Significant?
This is significant because CVE-2023-40044 is reportedly being exploited in the wild. With proof-of-concept (PoC) code publicly available, attacks that leverage the vulnerability are expected to increase.
FortiGuard Labs recommends that users of vulnerable WS_FTP servers apply the patch as soon as possible.
What is the Vendor Solution?
Progress Software released a patch for CVE-2023-40044 on September 27, 2023.
Progress Software also published patches for other WS_FTP vulnerabilities, including one other critical security bug (CVE-2023-42657), in the same release.
What FortiGuard Coverage is available?
FortiGuard Labs is currently investigating coverage feasibility and will update this Threat Signal once relevant information becomes available.