Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)

Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code for CVE-2023-40044 has been available since Friday, and Rapid7 researchers have observed multiple instances of WS_FTP exploitation in the wild, with two different attack chains. The exploited vulnerability (CVE-2023-40044) and the update CVE-2023-40044 is a .NET deserialization vulnerability that could allow an unauthenticated threat actor … More →

The post …

assetnote attackers code concept critical critical vulnerabilities critical vulnerability cve don't miss exploitation exploited file file sharing file transfer hacked hot stuff moveit popular progress progress software proof proof-of-concept rapid7 researchers security update server sharing software solution the company tool transfer vulnerabilities vulnerability ws_ftp