CVE-2023-0669 – Fortra GoAnywhere MFT Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2023-0669

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2. Goanywhere Encryption Helper version 7.1.1 suffers from a remote code execution vulnerability. Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object. • https://www.exploit-db.com/exploits/51339 https://github.com/Avento/CVE-2023-0669 https://github.com/0xf4n9x/CVE-2023-0669 https://github.com/yosef0x01/CVE-2023-0669-Analysis https://github.com/cataliniovita/CVE-2023-0669 http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft https:/ • CWE-502: Deserialization of Untrusted Data •