This is an advisory only and is not a notification of activity observed on your network. This advisory is for organizations that use WS_FTP Server to support secure file transfer capabilities. If your organization does not use this platform, this notification may be discarded.
Progress Software has released hotfixes for its Enterprise WS_FTP server platform to address several vulnerabilities. The most serious of these, CVE-2023-40044, is a .NET deserialization vulnerability in the Ad Hoc Transfer Module that could allow an unauthenticated, remote attacker to execute remote commands on the WS_FTP Server's underlying operating system. A second critical vulnerability, CVE-2023-42657, could allow an attacker to perform file operations on files and folders outside of their authorized WS_FTP folder path or on the underlying operating system.