10
CVE-2023-40044
- EPSS 94.43%
- Veröffentlicht 27.09.2023 15:18:57
- Zuletzt bearbeitet 10.03.2025 20:32:25
- Quelle security@progress.com
- Teams Watchlist Login
- Unerledigt Login
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Progress ≫ Ws Ftp Server Version < 8.7.4
Progress ≫ Ws Ftp Server Version >= 8.8 < 8.8.2
05.10.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
SchwachstelleProgress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.43% | 1 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@progress.com | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.