* [Blog](https://www2.paloaltonetworks.com/blog)
* [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/)
* [Announcement](https://www2.paloaltonetworks.com/blog/category/announcement/)
* Discover your WS\_FTP Expo...

# Discover your WS\_FTP Exposures with Cortex Xpanse

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fdiscover-your-ws_ftp-exposures-with-cortex-xpanse%2F)  
[](https://twitter.com/share?text=Discover+your+WS_FTP+Exposures+with+Cortex+Xpanse&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fdiscover-your-ws_ftp-exposures-with-cortex-xpanse%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fdiscover-your-ws_ftp-exposures-with-cortex-xpanse%2F&title=Discover+your+WS_FTP+Exposures+with+Cortex+Xpanse&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/discover-your-ws_ftp-exposures-with-cortex-xpanse/&ts=markdown)  
\[\](mailto:?subject=Discover your WS\_FTP Exposures with Cortex Xpanse)  
Link copied  
By [Giuliana Sturma](https://www.paloaltonetworks.com/blog/author/giuliana-sturma/?ts=markdown "Posts by Giuliana Sturma")  
Oct 04, 2023  
3 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)  
[Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)  
[ASM](https://www.paloaltonetworks.com/blog/tag/asm/?ts=markdown)  
[Cortex Xpanse](https://www.paloaltonetworks.com/blog/tag/cortex-xpanse/?ts=markdown)  
[CVE-2023-40044](https://www.paloaltonetworks.com/blog/tag/cve-2023-40044/?ts=markdown)  
[WS\_FTP Exposures](https://www.paloaltonetworks.com/blog/tag/ws_ftp-exposures/?ts=markdown)

On September 27, 2023, Progress Software released an [advisory](https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023) alerting customers of a critical vulnerability (CVE-2023-40044) in their WS\_FTP Server product. WS\_FTP Server is a secure file transfer server software designed to facilitate the exchange of files between a local computer and a remote server. This critical vulnerability is concerning since it could allow an attacker to execute arbitrary code, potentially compromising a system and gaining privileged access to sensitive data.

Since this CVE was announced, Cortex Xpanse researchers have observed over 11,900 instances of WS\_FTP servers across the global internet. According to cyber research engineer, Choman Saleem, the majority of responses have been identified through TCP/22 (SSH) and TCP/21 (FTP) services, and many of these instances are running versions known to be vulnerable. The low-complexity nature of the vulnerabilities further underscores the urgency of addressing them.
![Fig 1: Cortex Xpanse research on the global observations of Progress Software WS\_FTP Server](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-305654-1-1.png)
Fig 1: Cortex Xpanse research on the global observations of Progress Software WS\_FTP Server

To mitigate the risks associated with the WS\_FTP vulnerability, organizations should proactively manage their attack surface. Xpanse has developed an Attack Surface Rule designed to identify exposed instances of WS\_FTP, enabling organizations to promptly detect and address vulnerabilities, thereby reducing the risk of exploitation.
![Fig 2: Attack Surface Rule for Insecure WinSock File Transfer Protocol (WS\_FTP)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-305654-2-1.png)
Fig 2: Attack Surface Rule for Insecure WinSock File Transfer Protocol (WS\_FTP)

In addition to deploying an Attack Surface Rule for WS\_FTP, Xpanse also incorporates threat intelligence data into its platform via its Threat Response Center. By utilizing the latest information concerning high-priority vulnerabilities, methods used for exploitation, and threat actors, Xpanse enables organizations to take proactive measures to mitigate vulnerabilities before they become widespread. This information substantially boosts an organization's capacity to strengthen their defenses against emerging threats, including the WS\_FTP vulnerability.
![Fig 3: Threat Summary and Exploit Intelligence for Insecure WinSock File Transfer Protocol (WS\_FTP)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-305654-3-1.png)
Fig 3: Threat Summary and Exploit Intelligence for Insecure WinSock File Transfer Protocol (WS\_FTP) ![Fig 4: Remediation Guidance and Affected Software for Insecure WinSock File Transfer Protocol (WS\_FTP)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-305654-4-1.png)
Fig 4: Remediation Guidance and Affected Software for Insecure WinSock File Transfer Protocol (WS\_FTP)

If you have identified a vulnerable and exposed instance of WS\_FTP, you should take immediate steps to remediate the issue. Cyberattacks targeting this vulnerability can result in financial losses, legal consequences, damage to reputation, and significant disruption to individuals and organizations. With its dedicated Attack Surface Rule for WS\_FTP technologies, and Threat Response Center alerting, Xpanse offers organizations an enhanced capability to actively seek out and remediate vulnerabilities, thereby strengthening their overall security posture.

To learn more about the Threat Response Center, read our [datasheet](https://www.paloaltonetworks.com/resources/datasheets/cortex-xpanse-threat-response-center).

Palo Alto Networks Unit 42 further illuminates some of the riskiest security observations around attack surface management (ASM) with the [2023 Unit 42 Attack Surface Threat Report](https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report).

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Accelerate Your Cloud Migration Initiatives with Active Attack Surface Management](https://www2.paloaltonetworks.com/blog/security-operations/accelerate-your-cloud-migration-initiatives-with-active-attack-surface-management/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Enable Proactive Incident Response With Adaptive Risk Scoring](https://www2.paloaltonetworks.com/blog/security-operations/enable-proactive-incident-response-with-adaptive-risk-scoring/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Rage Against the (IP Enabled) Machines: Using Attack Surface Management to Discover Exposed OT and ICS Systems](https://www2.paloaltonetworks.com/blog/security-operations/rage-against-the-ip-enabled-machines-using-attack-surface-management-to-discover-exposed-ot-and-ics-systems/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### How Palo Alto Networks Cortex Helps Federal Agencies Comply with CISA's Binding Operational Directive 23-01](https://www2.paloaltonetworks.com/blog/security-operations/how-palo-alto-networks-cortex-helps-federal-agencies-comply-with-cisas-binding-operational-directive-23-01/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Cortex Xpanse Assess Brings Best in Class ASM to SMBs](https://www2.paloaltonetworks.com/blog/2022/03/best-in-class-asm-to-smbs/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### New Cortex Detectors for macOS Address Stealers and Malicious AppleScript](https://www2.paloaltonetworks.com/blog/security-operations/new-cortex-detectors-for-macos-address-stealers-and-malicious-applescript/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language