Actively exploited vulnerability

CVE-2023-40044: Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability

Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.

CISA KEV source 5 Oct 2023 added 26 Oct 2023 remediation due

Affected product

Progress · WS_FTP Server

Known ransomware use: Known

Required action

Follow the source advisory and validate exposure in your environment.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Related Yasna coverage

Recent reporting that mentions CVE-2023-40044.