Vulnerability Details : CVE-2023-40044
Public exploit exists!
Used for ransomware!
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
Products affected by CVE-2023-40044
- cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*
CVE-2023-40044 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name: Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description: Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.
Notes: https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023; https://nvd.nist.gov/vuln/detail/CVE-2023-40044
Added on: 2023-10-05
Action due date: 2023-10-26
Exploit prediction scoring system (EPSS) score for CVE-2023-40044
EPSS score: 86.62% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~99% (the proportion of vulnerabilities scored at or below this score)
EPSS Score History
Metasploit modules for CVE-2023-40044
- Progress Software WS_FTP Unauthenticated Remote Code Execution
  Disclosure Date: 2023-09-27
  First seen: 2023-10-08
  Module: exploit/windows/http/ws_ftp_rce_cve_2023_40044
  This module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WS_FTP server running the Ad Hoc Transfer module. All versions of WS_FTP Server prior to 2020.0.4 (version 8.7.4) and 2022.0.2 (versi
CVSS scores for CVE-2023-40044
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | 
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | Progress Software Corporation | 
CWE ids for CVE-2023-40044
- The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security@progress.com (Secondary)
References for CVE-2023-40044
- https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server/ - Critical Vulnerabilities in WS_FTP Server | Rapid7 Blog
- https://www.theregister.com/2023/10/02/ws_ftp_update/ - Mass exploitation attempts against WS_FTP have begun • The Register
- https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044 - CVE-2023-40044 | AttackerKB
- https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 - Progress Customer Community (Vendor Advisory)
- https://censys.com/cve-2023-40044/ - CVE-2023-40044: A Look at the Critical Ad Hoc Transfer Module Vulnerability in WS_FTP - Censys
- https://www.progress.com/ws_ftp - WS_FTP - Secure FTP Server and Client Software (Vendor Advisory)
- http://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.html - Progress Software WS_FTP Unauthenticated Remote Code Execution ≈ Packet Storm
- https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044 - RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044)