Threat Signal ReportProgress Software WS_FTP Server Insecure Deserialization Vulnerability (CVE-2023-40044)
Description
| What is Progress Software WS_FTP? |
WS_FTP is a secure file transfer client and server software package from Ipswitch, which is now a part of Progress Software.
|
| What is the Attack? |
CVE-2023-40044 is a .NET deserialization vulnerability that affects WS_FTP Server versions prior to 8.7.4 and 8.8.2 with the Ad Hoc Transfer module installed. Successful exploitation of the vulnerability allows unauthenticated attackers to remotely execute commands on the underlying operating system via a specially crafted HTTP request. CVE-2023-40044 has a CVSS score of 10 (maximum score) and is rated "critical" by Progress Software. |
| Why is this Significant? |
This is significant because CVE-2023-40044 is reportedly being exploited in the wild. With Proof-of-Concept (PoC) being publicly available, attacks that leverage the vulnerability are expected to increase. FortiGuard Labs recommends that users of vulnerable WS_FTP servers apply the patch as soon as possible. |
|
What is the Vendor Solution?
|
Progress Software released a patch for CVE-2023-40044 on September 27, 2023. Progress Software also published patches for other WS_FTP vulnerabilities, including one other critical security bug (CVE-2023-42657), in the same release. |
| What FortiGuard Coverage is available? |
FortiGuard Labs has released a new IPS signature "Progress.WS_FTP.Server.Ad.Hoc.Insecure.Deserialization" in version 25.652. |
Telemetry
Appendix
Progress.WS_FTP.Server.Ad.Hoc.Insecure.Deserialization (Fortinet)
WS_FTP Server Critical Vulnerability - September 2023 (Progress Software)
✖
