Skip to main content
All vulnerabilities
CVE-2023-40044 Known ransomware use

Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability

ProgressWS_FTP Server

Added to KEV catalog
5 October 2023
Federal remediation due date
26 October 2023
Weakness classification (CWE)
CWE-502

CISA Description

Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes

https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023; https://nvd.nist.gov/vuln/detail/CVE-2023-40044

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services