NetScaler CTRI Team
Last Updated: 10/03/2023
Description:
CVE-2023-40044 is a critical vulnerability in WS_FTP Server versions before 8.7.4 and 8.8.2. It is caused by a .NET deserialisation flaw in the Ad Hoc Transfer module, which a pre-authenticated attacker can exploit to execute remote commands on the underlying WS_FTP Server operating system. The vulnerability has a CVSS score of 10, indicating its severity. The WS_FTP team discovered the vulnerability, and all versions of WS_FTP Server are affected by it. The vendor has patched the vulnerability, and version-specific hotfixes are available for customers to remediate the issue. Users of WS_FTP Server are strongly advised to update their software to the latest version to avoid exploitation of this vulnerability.
Please follow the guidelines recommended by the vendor in their Security Article.
NetScaler CTRI:
The NetScaler CTRI team is actively investigating this issue and will provide an update on mitigation steps and a WAF signature soon.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-40044