CVE-2023-40044

Published: 27/09/2023 Updated: 13/10/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

In WS_FTP Server versions before 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.  

Vulnerable Product

progress ws ftp server

Exploits

This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WS_FTP server running the Ad Hoc Transfer module. All versions of WS_FTP Server prior to 2020.0.4 (version 8.7.4) and 2022.0.2 (version 8.8.2) are vulnerable to this issue. The vulnerability was original ...

Github Repositories

Analysis of WS_FTP CVE

WS_FTP-CVE-2023-40044

Repository with everything I have tracking the impact of WS_FTP CVE-2023-40044. Includes possibly affected organizations and domains utilizing header methods. I've also built a news ticker which tracks new stories about MOVEit and WS_FTP, available at firehosekenbucklercom/moveit