CVE-2023-40044 - OpenCVE

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Progress	Ws Ftp Server

Configuration 1 [-]

OR	cpe:2.3:a:progress:ws_ftp_server::::::::
	cpe:2.3:a:progress:ws_ftp_server::::::::

No data.

References

Link	Providers
http://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.html
https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044
https://censys.com/cve-2023-40044/
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044
https://www.progress.com/ws_ftp
https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server/
https://www.theregister.com/2023/10/02/ws_ftp_update/

History

No history.

MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published: 2023-09-27T14:48:08.190Z

Updated: 2024-08-02T18:24:54.913Z

Reserved: 2023-08-08T19:44:41.112Z

Link: CVE-2023-40044

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-27T15:18:57.307

Modified: 2023-10-13T01:22:24.903

Link: CVE-2023-40044

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40044", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2023-08-08T19:44:41.112Z", "datePublished": "2023-09-27T14:48:08.190Z", "dateUpdated": "2024-08-02T18:24:54.913Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Ad Hoc Transfer Module"], "product": "WS_FTP Server", "vendor": "Progress Software Corporation", "versions": [{"lessThan": "8.8.2", "status": "affected", "version": "8.8.0", "versionType": "semver"}, {"lessThan": "8.7.4", "status": "affected", "version": "8.7.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Shubham Shah - Assetnote"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Sean Yeoh - Assetnote"}], "datePublic": "2023-09-27T14:47:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">In WS_FTP Server versions prior to 8.7.4 and 8.8.2</span>, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.  </p>"}], "value": "\nIn WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.\u00a0\u00a0\n\n"}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2023-09-27T15:19:04.776Z"}, "references": [{"tags": ["product"], "url": "https://www.progress.com/ws_ftp"}, {"tags": ["vendor-advisory"], "url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"}, {"url": "https://www.theregister.com/2023/10/02/ws_ftp_update/"}, {"url": "https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server/"}, {"url": "https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044"}, {"url": "https://censys.com/cve-2023-40044/"}, {"url": "https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044"}, {"url": "http://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.html"}], "source": {"discovery": "UNKNOWN"}, "title": "WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:54.913Z"}, "title": "CVE Program Container", "references": [{"tags": ["product", "x_transferred"], "url": "https://www.progress.com/ws_ftp"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"}, {"url": "https://www.theregister.com/2023/10/02/ws_ftp_update/", "tags": ["x_transferred"]}, {"url": "https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server/", "tags": ["x_transferred"]}, {"url": "https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044", "tags": ["x_transferred"]}, {"url": "https://censys.com/cve-2023-40044/", "tags": ["x_transferred"]}, {"url": "https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.html", "tags": ["x_transferred"]}]}]}}

{"cisaActionDue": "2023-10-26", "cisaExploitAdd": "2023-10-05", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "443CCFDE-4A61-40F1-96C1-B36BF9240773", "versionEndExcluding": "8.7.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "670AEEB3-B2B3-41DA-8188-4F1A4E02F0AD", "versionEndExcluding": "8.8.2", "versionStartIncluding": "8.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nIn WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.\u00a0\u00a0\n\n"}, {"lang": "es", "value": "En las versiones del servidor WS_FTP anteriores a la 8.7.4 y 8.8.2, un atacante previamente autenticado podr\u00eda aprovechar una vulnerabilidad de deserializaci\u00f3n de .NET en el m\u00f3dulo Ad Hoc Transfer para ejecutar comandos remotos en el sistema operativo subyacente del servidor WS_FTP."}], "id": "CVE-2023-40044", "lastModified": "2023-10-13T01:22:24.903", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security@progress.com", "type": "Secondary"}]}, "published": "2023-09-27T15:18:57.307", "references": [{"source": "security@progress.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.html"}, {"source": "security@progress.com", "tags": ["Third Party Advisory"], "url": "https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044"}, {"source": "security@progress.com", "tags": ["Third Party Advisory"], "url": "https://censys.com/cve-2023-40044/"}, {"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"}, {"source": "security@progress.com", "tags": ["Exploit"], "url": "https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044"}, {"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://www.progress.com/ws_ftp"}, {"source": "security@progress.com", "tags": ["Third Party Advisory"], "url": "https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server/"}, {"source": "security@progress.com", "tags": ["Third Party Advisory"], "url": "https://www.theregister.com/2023/10/02/ws_ftp_update/"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "security@progress.com", "type": "Secondary"}]}