Vulnerability researchers at Rapid7 discovered threat actors targeting a pre-authentication flaw in Progress Software’s WS_FTB server. The attacks come just days after the company released security patches for the server product.
CVE-2023-40044 is a critical severity flaw that affects all WS_FTP Server versions prior to 8.7.4 and 8.8.2. Rapid7 researchers noted that attackers utilized the same Burp Suite domain across all exploit attempts, possibly indicating a single threat actor is behind the activity. Assetnote discovered that 3,000 hosts are still running outdated and exposed versions of WS_FTP. Many of the servers contain sensitive assets belonging to large companies and governments.