WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Remote Command Execution Vulnerability
CVE-2023-40044 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
Learn more about our Cis Benchmark Audit For Server Software.