Vulnerability Details : CVE-2023-0669
Public exploit exists!
Used for ransomware!
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Products affected by CVE-2023-0669
- cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
CVE-2023-0669 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Fortra GoAnywhere MFT Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.
Notes:
This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml. Fortra users must have an account in order to login
Added on
2023-02-10
Action due date
2023-03-03
Exploit prediction scoring system (EPSS) score for CVE-2023-0669
94.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2023-0669
-
Fortra GoAnywhere MFT Unsafe Deserialization RCE
Disclosure Date: 2023-02-01First seen: 2023-09-11exploit/multi/http/fortra_goanywhere_rce_cve_2023_0669This module exploits CVE-2023-0669, which is an object deserialization vulnerability in Fortra GoAnywhere MFT. Authors: - Ron Bowes - Frycos (Florian Hauser)
CVSS scores for CVE-2023-0669
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-04 |
|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2023-0669
-
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- cve@rapid7.com (Secondary)
- cve@rapid7.con (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-0669
-
https://github.com/rapid7/metasploit-framework/pull/17607
Fortra deserialization RCE CVE-2023-0669 (ETR) by rbowes-r7 · Pull Request #17607 · rapid7/metasploit-framework · GitHubPatch
-
http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html
Goanywhere Encryption Helper 7.1.1 Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://infosec.exchange/@briankrebs/109795710941843934
BrianKrebs: "GoAnywhere MFT, a popular file…" - Infosec ExchangeMitigation;Third Party Advisory
-
https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1
Customer PortalProduct
-
https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
GoAnywhere MFT - A Forgotten Bug | Frycos Security DiaryExploit;Third Party Advisory
-
https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
Fortra Patches Actively Exploited Zero Day in GoAnywhere MFT | DecipherThird Party Advisory
-
https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
Exploitation of GoAnywhere MFT zero-day vulnerability | Rapid7 BlogMitigation;Third Party Advisory
-
https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis
CVE-2023-0669 | AttackerKBExploit;Third Party Advisory
Jump to