WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Remote Command Execution Vulnerability

WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Remote Command Execution Vulnerability

CVE-2023-40044 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.  

Learn more about our Cis Benchmark Audit For Server Software.