

    NetScaler Cyber Threat Intelligence
    • Validation Status: Validated
      Has Video?: No

    (UPDATE) CVE-2023-40044 : Progress Software - Critical Pre-Auth Flaws in WS_FTP Server Product Published in v114  

     

    NetScaler CTRI Team

    Last Updated: 10/03/2023

     


    Description:

    CVE-2023-40044 is a critical vulnerability in WS_FTP Server versions before 8.7.4 and 8.8.2. It is caused by a .NET deserialisation flaw in the Ad Hoc Transfer module, which an attacker can exploit before authenticating to execute remote commands on the operating system underlying WS_FTP Server. The vulnerability has a CVSS score of 10, reflecting its severity. The WS_FTP team discovered the vulnerability, and all versions of WS_FTP Server are affected by it. The vendor has patched the vulnerability and made version-specific hotfixes available for customers to remediate the issue. Users of WS_FTP Server are strongly advised to update to the latest version to avoid exploitation of this vulnerability.

     

    Please follow the guidelines recommended by the vendor in their Security Article.
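
To find hosts that still need the vendor fix, the version boundaries in the description can be applied to an asset inventory. The following is an added example, not code from NetScaler or Progress Software; the function names, the sample inventory, and the mapping of the two fixed versions to release branches (8.8.x fixed in 8.8.2, everything older fixed in 8.7.4) are assumptions.

```python
import re

# Fixed releases named in the advisory. Mapping them to release branches
# is an assumption of this example.
FIXED_88 = (8, 8, 2)
FIXED_OLDER = (8, 7, 4)


def parse_version(text):
    """Return (major, minor, patch) or None if the string is not a version."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text or "")
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def triage(version_text):
    """Classify one reported WS_FTP Server version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # needs manual review, never assume patched
    if v[:2] == (8, 8):
        return "vulnerable" if v < FIXED_88 else "patched"
    if v < FIXED_OLDER:
        return "vulnerable"
    return "patched"


def triage_inventory(rows):
    """rows: iterable of (hostname, version string) -> sorted findings."""
    order = {"vulnerable": 0, "unknown": 1, "patched": 2}
    findings = [(host, ver, triage(ver)) for host, ver in rows]
    return sorted(findings, key=lambda f: (order[f[2]], f[0]))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ftp-01", "8.7.3"),
    ("ftp-02", "8.8.1"),
    ("ftp-03", "8.8.2"),
    ("ftp-04", "8.7.4"),
    ("ftp-05", "7.6"),
    ("ftp-06", "n/a"),
]

if __name__ == "__main__":
    for host, ver, status in triage_inventory(SAMPLE):
        print(f"{host:8} {ver:8} {status}")
```

Hosts reported as "unknown" have a version string that could not be parsed and should be checked by hand against the vendor's Security Article.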

     

    NetScaler CTRI:

    The NetScaler CTRI team is actively investigating this issue and will soon provide an update on the mitigation steps and a WAF signature.

     

    References: 

    1. https://nvd.nist.gov/vuln/detail/CVE-2023-40044
