all InfoSec news
Progress Software WS_FTP Server Insecure Deserialization Vulnerability (CVE-2023-40044)
Nov. 8, 2023, 10:02 p.m. |
FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com
WS_FTP is a secure file transfer client and server software package from Ipswitch, which is now a part of Progress Software.
What is the Attack?
CVE-2023-40044 is a .NET deserialization vulnerability that affects WS_FTP Server versions prior to 8.7.4 and 8.8.2 with the Ad Hoc Transfer module installed. Successful exploitation of the vulnerability allows unauthenticated attackers to remotely execute commands on the underlying operating system via a specially crafted HTTP request.
CVE-2023-40044 has a CVSS …
attack client cve cve-2023-40044 deserialization file file transfer insecure ipswitch package progress progress software server software transfer vulnerability what is ws_ftp
More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report
Jobs in InfoSec / Cybersecurity
Senior Security Engineer - Detection and Response
@ Fastly, Inc. | US (Remote)
Application Security Engineer
@ Solidigm | Zapopan, Mexico
Defensive Cyber Operations Engineer-Mid
@ ISYS Technologies | Aurora, CO, United States
Manager, Information Security GRC
@ OneTrust | Atlanta, Georgia
Senior Information Security Analyst | IAM
@ EBANX | Curitiba or São Paulo
Senior Information Security Engineer, Cloud Vulnerability Research
@ Google | New York City, USA; New York, USA