Fortra (formerly HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Published: 2023-02-06 20:15:14
Updated: 2023-04-10 20:15:08
Source: Rapid7, Inc.

CVE-2023-0669 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Fortra GoAnywhere MFT Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.
Notes:
This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml. Fortra users must have an account in order to log in.
Added on: 2023-02-10
Action due date: 2023-03-03

Exploit prediction scoring system (EPSS) score for CVE-2023-0669

EPSS score: 96.89% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~100% (the proportion of vulnerabilities that are scored at or less)

Metasploit modules for CVE-2023-0669

  • Fortra GoAnywhere MFT Unsafe Deserialization RCE
    Disclosure Date: 2023-02-01
    First seen: 2023-09-11
    exploit/multi/http/fortra_goanywhere_rce_cve_2023_0669
    This module exploits CVE-2023-0669, which is an object deserialization vulnerability in Fortra GoAnywhere MFT.
    Authors:
    • Ron Bowes
    • Frycos (Florian Hauser)

CVSS scores for CVE-2023-0669

Base Score: 7.2
Base Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability Score: 1.2
Impact Score: 5.9
Score Source: NIST
First Seen: (not given)

CWE ids for CVE-2023-0669

  • The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
    Assigned by:
    • cve@rapid7.com (Secondary)
    • nvd@nist.gov (Primary)
