Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)
Progress Software has recently addressed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, a secure file transfer solution.

The first vulnerability, CVE-2023-40044, is a .NET deserialization vulnerability that could allow an unauthenticated threat actor to execute remote commands on the underlying WS_FTP Server operating system via an HTTPS POST request. The second vulnerability, CVE-2023-42657, is a directory traversal vulnerability that could allow a threat actor to perform file operations on files and folders outside of their authorized WS_FTP folder path.

Both vulnerabilities affect versions prior to 8.7.4 and 8.8.2, and upgrading to the fixed versions is strongly recommended. If updating is not possible, the risk can be mitigated by removing or disabling the WS_FTP Server Ad hoc Transfer Module. Rapid7 has shared indicators of compromise that enterprise defenders can use to check whether their organization has been affected.

In addition to these, Progress has fixed six other high and medium severity vulnerabilities in the latest WS_FTP Server update.

CVEs: CVE-2023-40046, CVE-2023-40047, CVE-2023-40048, CVE-2022-27665, CVE-2023-40049, CVE-2023-40045, CVE-2023-42657, CVE-2023-40044

Malware: Clop (Windows), Clop, Clop (Linux)

[View Article](https://www.helpnetsecurity.com/2023/10/02/cve-2023-40044/)