CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Oct 26, 2023

CVE-2023-40044

High

CVSS 10EPSS 94.4%CISA KEVPoC AvailableRansomware

Progress/WS_FTP Server

Description

Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.

CVSS Score

10/ 10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS — Exploit Probability

94.4%

Higher than 100.0% of all CVEs

Weakness Classification (CWE)

CWE-502Deserialization of Untrusted DataMITRE

Known Exploits

POC

http://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.htmlExploit https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044Third Party Advisory https://censys.com/cve-2023-40044/Third Party Advisory https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044Exploit https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server/Broken Link https://www.theregister.com/2023/10/02/ws_ftp_update/Press/Media Coverage http://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.htmlExploit https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044Third Party Advisory https://censys.com/cve-2023-40044/Third Party Advisory https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044Exploit https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server/Broken Link https://www.theregister.com/2023/10/02/ws_ftp_update/Press/Media Coverage

Required Action

https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023; https://nvd.nist.gov/vuln/detail/CVE-2023-40044

Risk Assessment

CRITICAL

In CISA KEV

Known exploit

Critical CVSS

High EPSS

Ransomware

Details

Severity: High
CVSS: 10
EPSS: 94.4%
CWE: CWE-502
Exploit: POC
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Oct 5, 2023

Added to KEV

Oct 5, 2023

Remediation Due

Oct 26, 2023

Affected Product

Progress

WS_FTP Server

View all Progress CVEs

External Links

NVD (NIST)CVE Details MITRE CVE