CVE-2023-40044
WS_FTP Server vulnerability analysis and mitigation

Overview

CVE-2023-40044 is a critical .NET deserialization vulnerability discovered in the Ad Hoc Transfer module of Progress Software's WS_FTP Server. The vulnerability, identified in September 2023, affects WS_FTP Server versions prior to 8.7.4 and 8.8.2 and allows unauthenticated (pre-authentication) attackers to execute commands on the operating system underlying WS_FTP Server (Assetnote Research, Progress Advisory).

Technical details

The vulnerability exists in the MyFileUpload.UploadModule HTTP module, which handles file uploads within the Ad Hoc Transfer (AHT) application. The issue stems from unsafe deserialization of user-supplied input with the BinaryFormatter class, a code path that can be reached without authentication. The vulnerability received a CVSS base score of 8.8 from NIST and 10.0 from Progress Software, reflecting its critical severity (Assetnote Research, NVD).
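To make the bug class concrete, the following added example (not WS_FTP Server code, and not taken from the Assetnote write-up) contrasts a hypothetical ASP.NET IHttpModule that feeds request bytes into BinaryFormatter before any authentication has run with a hardened version that authorizes first and parses a fixed DTO with a serializer that cannot instantiate arbitrary types. The module names, the UploadMetadata type and the event hooks are assumptions chosen for illustration.

```csharp
// Added illustrative example: vulnerable vs. hardened upload module (hypothetical code).
using System;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Runtime.Serialization.Json;
using System.Web;

// Fixed, attacker-independent shape of what an upload request may carry.
[DataContract]
public class UploadMetadata
{
    [DataMember] public string FileName { get; set; }
    [DataMember] public long Length { get; set; }
}

// VULNERABLE pattern: hooks BeginRequest (before the authentication modules run) and
// hands attacker-controlled bytes to BinaryFormatter, which instantiates whatever types
// the stream names. Any gadget chain loadable in the app domain runs inside Deserialize().
public class UnsafeUploadModule : IHttpModule
{
    public void Init(HttpApplication app) { app.BeginRequest += OnBeginRequest; }
    public void Dispose() { }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpRequest req = ((HttpApplication)sender).Request;
        var formatter = new BinaryFormatter();                      // insecure by design
        var meta = (UploadMetadata)formatter.Deserialize(req.InputStream);
        // ... upload handling continues with meta ...
    }
}

// HARDENED pattern: hooks PostAuthorizeRequest so IIS/ASP.NET authentication and
// authorization have already run, rejects anonymous callers, and parses only the
// declared DTO. DataContractJsonSerializer cannot create types outside UploadMetadata.
public class SafeUploadModule : IHttpModule
{
    public void Init(HttpApplication app) { app.PostAuthorizeRequest += OnPostAuthorize; }
    public void Dispose() { }

    private static void OnPostAuthorize(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        if (!app.Context.Request.IsAuthenticated)
        {
            app.Context.Response.StatusCode = 401;                  // deny, do not parse
            app.CompleteRequest();
            return;
        }
        var serializer = new DataContractJsonSerializer(typeof(UploadMetadata));
        var meta = (UploadMetadata)serializer.ReadObject(app.Context.Request.InputStream);
        // ... upload handling continues with meta ...
    }
}
```

For detection, a module that registers on BeginRequest or AuthenticateRequest and calls BinaryFormatter.Deserialize on Request.InputStream is the combination to flag in code review, since the request body is fully attacker-controlled at that stage.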

Impact

The vulnerability affects approximately 2,900 internet-exposed WS_FTP Server instances, primarily belonging to large enterprises, governments, and educational institutions. Successful exploitation could lead to remote code execution on the underlying operating system, potentially compromising sensitive data and system integrity (Assetnote Research, Arctic Wolf).

Mitigation and workarounds

Progress Software has released security patches for affected versions, recommending that users upgrade to version 8.7.4 for WS_FTP Server 2020 or version 8.8.2 for WS_FTP Server 2022. As an alternative mitigation, users can disable or remove the Ad Hoc Transfer module if immediate patching is not feasible (Progress Advisory, Arctic Wolf).

Community reactions

The vulnerability has raised significant concerns in the cybersecurity community, particularly given Progress Software's recent history with the MOVEit Transfer exploitation. Security researchers expressed disappointment at how quickly proof-of-concept code was released after the patch, potentially giving threat actors a head start in exploitation attempts (The Register).

This report was generated using AI.
