Threats / Progress / CVE-2023-40044
CVE-2023-40044
· EUVD no mirror located
· GCVE no mirror located
Verified 2026-06-22
Progress WS_FTP Server vulnerability
Progress WS_FTP Server contains a deserialization vulnerability in the Ad Hoc Transfer module allowing authenticated attackers to execute arbitrary commands on the underlying operating system.
Verdict
Today item, not a backlog item.
An authenticated attacker can exploit unsafe deserialization in WS_FTP Server's Ad Hoc Transfer module to achieve remote code execution. The vulnerability has been actively exploited in the wild and leveraged in ransomware campaigns, presenting critical risk to file transfer infrastructure.
01
Is it exploitable?
— the evidence, ranked above the scoreReported exploitation
18 independent public reports of in-the-wild exploitation are cataloged.Distinct reporting sources (vendor, incident response, government); open them for the underlying claims.
Exploited in the wild
Listed in the CISA Known Exploited Vulnerabilities catalog (added 2023-10-05), flagged for known ransomware use.
Probability (EPSS)
EPSS 0.90044 — modeled likelihood of exploitation activity.EPSS is a daily-changing model output — open the source for today's value.
Severity / affected
Affected: Progress, WS_FTP Server. Confirm exact fixed builds in the vendor advisory.
Weakness (CWE)
Mapped to CWE-502 Deserialization of Untrusted Data — weakness family: Injection.CWE assignment from the public NVD record; the weakness class drives how the flaw is exploited.
02
Who’s exploiting it?
— attribution turns risk into urgencyAttribution not established
No confirmed (advisory-backed) threat-actor attribution is established for this record. Absence of a named actor is not absence of compromise — see Coverage & confidence.
03
Why it matters
— the attack path, told twice: adversary, then board1
Front door — unauthenticated access narrative 1
Attacker
I authenticate to WS_FTP Server using valid credentials or a compromised account.
Business
Legitimate user accounts or weak credential hygiene create an entry point for attackers to reach the vulnerable Ad Hoc Transfer module.
2
Keys to the kingdom — privilege/identity takeover narrative 2
Attacker
I craft a malicious serialized object and send it through the Ad Hoc Transfer module to trigger unsafe deserialization.
Business
The application processes untrusted serialized data without proper validation, enabling arbitrary code injection.
3
Lateral reach — past segmentation narrative 3
Attacker
I execute arbitrary commands on the underlying operating system with the privileges of the WS_FTP Server process.
Business
Complete compromise of the file transfer server and potential lateral movement into the broader network infrastructure.
4
Data at risk — exfiltration narrative 4
Attacker
I establish persistence and deploy ransomware or exfiltrate sensitive files stored on or accessible through the server.
Business
Data breach, operational disruption, and financial extortion through ransomware deployment targeting critical file transfer operations.
04
What to do
— defensible action- Remediate per the vendor advisory — confirm the fixed build for your version and verify exposure.1
Say it to the boardA vulnerability with this evidence profile is a defensible budget line, not a backlog ticket — fund the change against the proof above.
05
Coverage & confidence
— what we know, and what we don’tEstablished (cited)
Coverage gaps — stated, not hidden
Disclosure & credit2
Catalogued by ProgressSoftwareCNA