CVE-2023-40044
WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability
In short
WS_FTP Server has a flaw where attackers can send specially crafted data to the Ad Hoc Transfer module that gets improperly processed, allowing them to run commands on the server without needing to log in first.
Technical detail
A .NET deserialization vulnerability in the Ad Hoc Transfer module (CWE-502) allows pre-authenticated attackers to craft malicious serialized objects that execute arbitrary code with server privileges when deserialized, enabling remote command execution on the underlying OS.
Summary generated and translated by AI from the official description.
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
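As an added example that is not part of the original advisory (not Progress's or TrueHacking's code), the following Python script applies the fixed-version boundaries stated above (8.7.4 and 8.8.2) to a constructed inventory of WS_FTP Server installations and flags hosts still on an affected release; hostnames and versions are made up, and branches newer than 8.8 are assumed to carry the fix.

```python
import re

def parse_version(text):
    """Parse a dotted version string such as '8.8.1' into a tuple of ints."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))

def is_vulnerable(version):
    """Return True if a WS_FTP Server version string is affected by CVE-2023-40044.

    The advisory names 8.7.4 and 8.8.2 as the fixed releases, so:
      - anything on the 8.7 branch below 8.7.4 is affected,
      - 8.7.4 up to (not including) 8.8.0 is fixed,
      - 8.8.0 and 8.8.1 are affected, 8.8.2 and later are fixed,
      - every release older than the 8.7 branch is affected.
    Branches newer than 8.8 are assumed (not stated on the page) to carry the fix.
    """
    v = parse_version(version)
    branch = v[:2]
    if branch == (8, 7):
        return v < (8, 7, 4)
    if branch == (8, 8):
        return v < (8, 8, 2)
    return v < (8, 7, 0)

def triage(inventory):
    """Split a {host: version} inventory into sorted (affected, fixed) host lists."""
    affected, fixed = [], []
    for host, version in sorted(inventory.items()):
        (affected if is_vulnerable(version) else fixed).append(host)
    return affected, fixed

# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "ftp-a.example.internal": "8.8.1",
    "ftp-b.example.internal": "8.8.2",
    "ftp-c.example.internal": "8.7.5",
    "ftp-d.example.internal": "8.6.0",
    "ftp-e.example.internal": "8.7.4",
}

if __name__ == "__main__":
    affected, fixed = triage(SAMPLE_INVENTORY)
    print("still on an affected release:", affected)
    print("on a fixed release:", fixed)
```

Note that 8.7.5 is reported as fixed even though it is numerically lower than 8.8.2, because the fix was backported to the 8.7 branch.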
Affected products
Progress Software Corporation · WS_FTP Server
Public PoCs found — 2
github: github.com/kenbuckler/WS_FTP-CVE-2023-40044 (★ 1)
cve_reference: packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.html (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.html
https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044
https://censys.com/cve-2023-40044/
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-40044
https://www.progress.com/ws_ftp
https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server/
https://www.theregister.com/2023/10/02/ws_ftp_update/