CVE-2023-40044

Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system. Vendor/Product: Progress WS_FTP Server. Added to CISA KEV 2023-10-05; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.