CVE-2023-40044 Progress CVE debrief

Who should care

Security teams, server administrators, and incident responders responsible for Progress WS_FTP Server deployments, especially any internet-facing instances or systems supporting file transfer workflows.

Technical summary

The vulnerability is described as a deserialization of untrusted data problem in Progress WS_FTP Server. CISA has flagged it as known exploited, and the KEV entry notes known ransomware campaign use. The available source corpus does not provide version ranges or a detailed impact statement, so defenders should rely on the vendor advisory and CISA guidance for exact remediation steps.

Defensive priority

High priority. Known exploitation plus ransomware-campaign association makes this a rapid-response item for asset owners.

Recommended defensive actions

• Inventory all Progress WS_FTP Server installations and determine which systems are exposed.
• Apply vendor mitigations per Progress instructions as soon as possible.
• If mitigations are unavailable for your deployment, discontinue use of the product until a safe remediation path is available.
• Review CISA KEV requirements and track the 2023-10-26 due date for remediation planning.
• Validate whether any WS_FTP Server hosts show signs of unauthorized activity and preserve logs for investigation.
• Monitor the official CVE, NVD, and vendor advisory pages for updated guidance or affected-version details.

Evidence notes

CISA’s Known Exploited Vulnerabilities catalog lists CVE-2023-40044 for Progress WS_FTP Server with dateAdded 2023-10-05, dueDate 2023-10-26, and notes that known ransomware campaign use is known. The source metadata also points to the Progress community advisory and the NVD record as supporting references.

Official resources