CVE-2023-40049
published 2023-09-27CVE-2023-40049: In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.
PriorityP431medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.75%
50.2th percentile
In WS_FTP Server version prior to 8.8.2,
an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | ws_ftp_server | < 8.8.2 | 8.8.2 |
| progress_software_corporation | ws_ftp_server | >= 8.8.0 < 8.8.2 | 8.8.2 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Tenable
CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server
blogs_tenable·2023-10-02·CVSS 10.0
[CRITICAL] CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Huntress
Critical Vulnerabilities: WS_FTP Exploitation | Huntress
blogs_huntress·2023-10-02·CVSS 6.1
CVE-2023-40044 [MEDIUM] Critical Vulnerabilities: WS_FTP Exploitation | Huntress
On Thursday, September 28, 2023, software vendor Progress released a security advisory for numerous vulnerabilities affecting the WS_FTP Server Ad Hoc Transfer Module within their WS_FTP software.
These vulnerabilities were disclosed as:
CVE-2023-40044 (CVSS: 10)
CVE-2023-42657 (CVSS 9.9)
CVE-2023-40045 (CVSS 8.3)
CVE-2023-40046 (CVSS 8.2)
CVE-2023-40048 (CVSS 6.8)
CVE-2022-27665 (CVSS 6.1)
CVE-2023-40049 (CVSS 5.3)
Most notable amongst these were CVE-2023-40044 and CVE-2023-42657, both critical severity issues. Throughout this past weekend, the cybersecurity industry has been chasing CVE-2023-40044 specifically.
## What We Know So Far
As disclosed by Progress , CVE-2023-40044 is the critical (CVSS: 10) remote code execution vulnerability that does not require authentication.
F
Huntress
Critical Vulnerabilities: WS_FTP Exploitation | Huntress
blogs_huntress·CVSS 6.1
CVE-2023-40044 [MEDIUM] Critical Vulnerabilities: WS_FTP Exploitation | Huntress
On Thursday, September 28, 2023, software vendor Progress released a security advisory for numerous vulnerabilities affecting the WS_FTP Server Ad Hoc Transfer Module within their WS_FTP software.
These vulnerabilities were disclosed as:
- CVE-2023-40044 (CVSS: 10)
- CVE-2023-42657 (CVSS 9.9)
- CVE-2023-40045 (CVSS 8.3)
- CVE-2023-40046 (CVSS 8.2)
- CVE-2023-40048 (CVSS 6.8)
- CVE-2022-27665 (CVSS 6.1)
- CVE-2023-40049 (CVSS 5.3)
Most notable amongst these were CVE-2023-40044 and CVE-2023-42657, both critical severity issues. Throughout this past weekend, the cybersecurity industry has been chasing CVE-2023-40044 specifically.
## What We Know So Far
As disclosed by Progress, CVE-2023-40044 is the critical (CVSS: 10) remote code execution vulnerability that does not require authenticat
2023-09-27
Published