CVE-2023-0669
Fortra GoAnywhere MFT Remote Code Execution Vulnerability
Metric | Value | Source |
---|---|---|
Severity Score | 7.2 | CVSS v3.1 |
Exploit Likelihood | | EPSS |
Affected Versions | | CPE |
Public Exploits | 9 | Multiple Sources |
Exploited in Wild | Yes | KEV |
Decision | - | SSVC |
Descriptions
Fortra (formerly HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Goanywhere Encryption Helper version 7.1.1 suffers from a remote code execution vulnerability.
Fortra (formerly HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.
*Credits:
Brian Krebs of Krebs on Security, Ron Bowes of Rapid7, Caitlin Condon of Rapid7, Fryco of Frycos Security
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-02-03 CVE Reserved
- 2023-02-06 CVE Published
- 2023-02-10 Exploited in Wild
- 2023-02-15 First Exploit
- 2023-03-03 KEV Due Date
- 2024-08-02 CVE Updated
- 2024-11-25 EPSS Updated
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (13)
URL | Date | SRC |
---|---|---|
https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1 | 2024-06-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fortra | Goanywhere Managed File Transfer | < 7.1.2 | - | Affected |