(UPDATE) CVE-2023-40044 : Progress Software - Critical Pre-Auth Flaws in WS_FTP Server Product Published in v114
NetScaler CTRI Team
Last Updated: 10/03/2023
Description:
CVE-2023-40044 is a critical vulnerability in WS_FTP Server versions before 8.7.4 and 8.8.2. It is caused by a .NET deserialisation flaw in the Ad Hoc Transfer module, which a pre-authenticated attacker can exploit to execute remote commands on the underlying WS_FTP Server operating system. The vulnerability has a CVSS score of 10, indicating its severity. The WS_FTP team discovered the vulnerability, and all versions of WS_FTP Server are affected by it. The vendor has patched the vulnerability, and version-specific hotfixes have been made available for customers to remediate the issue. It is highly recommended that users of WS_FTP Server update their software to the latest version to avoid exploitation of this vulnerability.
Please follow the guidelines as recommended by the vendor in their Security Article.
NetScaler CTRI:
The NetScaler CTRI team is actively investigating this issue and will provide an update on the mitigation steps and the WAF signature soon.
References: