CVE-2023-40044

CRITICAL KEV RANSOMWARE NUCLEI

WS_FTP Server < 8.7.4 - Unauthenticated Remote Code Execution via .NET Deserialization

Title source: llm

Exploitation Summary

CVE-2023-40044 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog (added October 5, 2023), with confirmed use in ransomware campaigns. EIP tracks 2 public exploits, from researchers including kenbuckler and sfewer-r7; one of them is a Metasploit module, exploits/windows/http/ws_ftp_rce_cve_2023_40044. A Nuclei detection template is also available.

Description

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.

Exploits (2)

nomisec SUSPICIOUS 1 star
by kenbuckler · poc
https://github.com/kenbuckler/WS_FTP-CVE-2023-40044

The repository lacks exploit code or technical details about CVE-2023-40044, instead redirecting to an external news ticker and listing affected organizations. No PoC, analysis, or vulnerability specifics are provided.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: WS_FTP
No auth needed
devstral-2 · analyzed Feb 18, 2026

metasploit WORKING POC EXCELLENT
by sfewer-r7 · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ws_ftp_rce_cve_2023_40044.rb

This Metasploit module exploits an unsafe .NET deserialization vulnerability (CVE-2023-40044) in Progress Software WS_FTP Server's Ad Hoc Transfer module to achieve unauthenticated remote code execution. It uses multiple gadget chains and targets versions prior to 2020.0.4 and 2022.0.2.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Progress Software WS_FTP Server (versions prior to 2020.0.4 and 2022.0.2)
No auth needed
Prerequisites: Target must have the Ad Hoc Transfer module enabled · Network access to the target server
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

WS_FTP Server - Insecure Deserialization
CRITICAL · VERIFIED · by 0x_Akoko
Shodan: title:"Ad Hoc Transfer"

Scores

CVSS v3 10.0
EPSS 0.9444
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2023-10-05
VulnCheck KEV 2023-10-01
InTheWild.io 2023-10-05
ENISA EUVD EUVD-2023-44651
Ransomware Use Confirmed
CWE CWE-502
Status published
Products (1)
progress/ws_ftp_server < 8.7.4
Published Sep 27, 2023
KEV Added Oct 05, 2023
Tracked Since Feb 18, 2026