Description
WS_FTP Ad Hoc Transfer (AHT) is an IIS-based file transfer module that contains a critical .NET deserialization vulnerability. The application improperly deserializes untrusted user-supplied data using unsafe methods, allowing attackers to instantiate arbitrary objects. This vulnerability affects the WS_FTP Server's Ad Hoc Transfer module and can be exploited remotely without authentication.
Remediation
Apply security patches immediately by upgrading WS_FTP Server to version 8.7.4 or 8.8.2 (or later) as provided by Progress Software. Follow these steps:
1. Identify affected systems: Locate all WS_FTP Server installations with the Ad Hoc Transfer module enabled
2. Download patches: Obtain the latest version from the Progress Community portal
3. Test in non-production: Verify the update in a staging environment before production deployment
4. Apply updates: Install the patched version following Progress Software's upgrade documentation
5. Verify remediation: Confirm the version number post-upgrade and test functionality
6. Monitor for exploitation: Review IIS logs for suspicious POST requests to Ad Hoc Transfer endpoints
If immediate patching is not possible, consider temporarily disabling the Ad Hoc Transfer module or implementing network-level access controls to restrict access to trusted IP addresses only.
References
WS_FTP Server Critical Vulnerability - (September 2023)
RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044)
Related Vulnerabilities
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5501)
PHP Out-of-bounds Read Vulnerability (CVE-2016-9935)
OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3470)
Envoy Proxy Excessive Iteration Vulnerability (CVE-2021-32778)
Oracle HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-22721)