CVE-2023-40044: Progress WS_FTP Server Deserialization of Untrusted Data
Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability. Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.
- CISA KEV-listed (remediation due 2023-10-26)
- used in ransomware campaigns
- EPSS 94.4% (100.0% percentile)