CVE-2023-40044 Report - Details, Severity, & Advisories
Twingate Team
•
May 30, 2024
What is CVE-2023-40044?
CVE-2023-40044 is a critical vulnerability affecting WS_FTP Server versions prior to 8.7.4 and 8.8.2, specifically those with the Ad Hoc Transfer module enabled. This vulnerability allows a pre-authenticated attacker to exploit a .NET deserialization issue, leading to remote command execution on the affected system. Systems running vulnerable versions of WS_FTP Server software, particularly on Windows, are at risk. It is crucial for administrators to apply patches and disable the Ad Hoc Transfer module if patching is not an option to mitigate this high-severity threat.
Who is impacted?
The CVE-2023-40044 vulnerability affects users of WS_FTP Server, specifically those running versions prior to 8.7.4 and 8.8.2 with the Ad Hoc Transfer module enabled. This critical vulnerability could allow an attacker to execute remote commands on the affected system without authentication. Users of WS_FTP Server should be aware of this risk and take appropriate action to protect their systems.
What to do if CVE-2023-40044 affected you
If you're affected by the CVE-2023-40044 vulnerability, it's crucial to take action to secure your system. To do this, follow these simple steps:
Update WS_FTP Server to version 8.7.4 or 8.8.2 to patch the vulnerability.
If updating is not an option, disable the Ad Hoc Transfer module to mitigate the risk.
Regularly check for software updates and apply them as needed to maintain security.
Is it in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-40044 vulnerability, also known as the Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability, is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on October 5, 2023, with a due date of October 26, 2023. To address this vulnerability, organizations must apply mitigations as per vendor instructions or discontinue using the product if mitigations are unavailable.
Weakness Enumeration
The weakness enumeration for this vulnerability is categorized as CWE-502, which involves deserialization of untrusted data in the Ad Hoc Transfer module of WS_FTP Server.
Learn More
CVE-2023-40044 is a critical vulnerability affecting WS\_FTP Server, with potential for unauthenticated remote command execution. For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-40044 Report - Details, Severity, & Advisories
Twingate Team
•
May 30, 2024
What is CVE-2023-40044?
CVE-2023-40044 is a critical vulnerability affecting WS_FTP Server versions prior to 8.7.4 and 8.8.2, specifically those with the Ad Hoc Transfer module enabled. This vulnerability allows a pre-authenticated attacker to exploit a .NET deserialization issue, leading to remote command execution on the affected system. Systems running vulnerable versions of WS_FTP Server software, particularly on Windows, are at risk. It is crucial for administrators to apply patches and disable the Ad Hoc Transfer module if patching is not an option to mitigate this high-severity threat.
Who is impacted?
The CVE-2023-40044 vulnerability affects users of WS_FTP Server, specifically those running versions prior to 8.7.4 and 8.8.2 with the Ad Hoc Transfer module enabled. This critical vulnerability could allow an attacker to execute remote commands on the affected system without authentication. Users of WS_FTP Server should be aware of this risk and take appropriate action to protect their systems.
What to do if CVE-2023-40044 affected you
If you're affected by the CVE-2023-40044 vulnerability, it's crucial to take action to secure your system. To do this, follow these simple steps:
Update WS_FTP Server to version 8.7.4 or 8.8.2 to patch the vulnerability.
If updating is not an option, disable the Ad Hoc Transfer module to mitigate the risk.
Regularly check for software updates and apply them as needed to maintain security.
Is it in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-40044 vulnerability, also known as the Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability, is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on October 5, 2023, with a due date of October 26, 2023. To address this vulnerability, organizations must apply mitigations as per vendor instructions or discontinue using the product if mitigations are unavailable.
Weakness Enumeration
The weakness enumeration for this vulnerability is categorized as CWE-502, which involves deserialization of untrusted data in the Ad Hoc Transfer module of WS_FTP Server.
Learn More
CVE-2023-40044 is a critical vulnerability affecting WS\_FTP Server, with potential for unauthenticated remote command execution. For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-40044 Report - Details, Severity, & Advisories
Twingate Team
•
May 30, 2024
What is CVE-2023-40044?
CVE-2023-40044 is a critical vulnerability affecting WS_FTP Server versions prior to 8.7.4 and 8.8.2, specifically those with the Ad Hoc Transfer module enabled. This vulnerability allows a pre-authenticated attacker to exploit a .NET deserialization issue, leading to remote command execution on the affected system. Systems running vulnerable versions of WS_FTP Server software, particularly on Windows, are at risk. It is crucial for administrators to apply patches and disable the Ad Hoc Transfer module if patching is not an option to mitigate this high-severity threat.
Who is impacted?
The CVE-2023-40044 vulnerability affects users of WS_FTP Server, specifically those running versions prior to 8.7.4 and 8.8.2 with the Ad Hoc Transfer module enabled. This critical vulnerability could allow an attacker to execute remote commands on the affected system without authentication. Users of WS_FTP Server should be aware of this risk and take appropriate action to protect their systems.
What to do if CVE-2023-40044 affected you
If you're affected by the CVE-2023-40044 vulnerability, it's crucial to take action to secure your system. To do this, follow these simple steps:
Update WS_FTP Server to version 8.7.4 or 8.8.2 to patch the vulnerability.
If updating is not an option, disable the Ad Hoc Transfer module to mitigate the risk.
Regularly check for software updates and apply them as needed to maintain security.
Is it in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-40044 vulnerability, also known as the Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability, is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on October 5, 2023, with a due date of October 26, 2023. To address this vulnerability, organizations must apply mitigations as per vendor instructions or discontinue using the product if mitigations are unavailable.
Weakness Enumeration
The weakness enumeration for this vulnerability is categorized as CWE-502, which involves deserialization of untrusted data in the Ad Hoc Transfer module of WS_FTP Server.
Learn More
CVE-2023-40044 is a critical vulnerability affecting WS\_FTP Server, with potential for unauthenticated remote command execution. For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions