CVE-2023-0669

Description from NVD

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Information Acquisition Date: 2023-02-27T14:44Z
CVSS 2.0: 0.0 None
CVSS 3.x: 7.2 HIGH

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1
     source:MISC
     tags:Product    
 https://infosec.exchange/@briankrebs/109795710941843934
     source:MISC
     tags:Mitigation    Third Party Advisory    
 https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
     source:MISC
     tags:Mitigation    Third Party Advisory    
 https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis
     source:MISC
     tags:Exploit    Third Party Advisory    
 https://github.com/rapid7/metasploit-framework/pull/17607
     source:MISC
     tags:Patch    
 https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
     source:MISC
     tags:Third Party Advisory    
 https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
     source:MISC
     tags:Exploit    Third Party Advisory    

Description from Forti

Deserialization of Untrusted Data Vulnerability in GoAnywhere MFT

Information Acquisition Date: 2023/02/13

Affected Products

Impact

Recommended Actions

References

Refer to Information on External Sites

CVE Information: mitre, NVD, vulmon.com, CVE Details, JVN ENG JPN
Exploits or more Information: EXPLOIT DATABASE, 0day.today, github, Twitter, Reconshell

Software Tag: Java(1 tweets) Linux(1 tweets) Windows(1 tweets)



List of frequently cited URLs

URL                                                               Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...    177
https://cvetrends.com                                             48
https://lists.astaro.com/ASGV9-IPS-rules.html#0                   16
http://twinybots.ch                                               7
https://www.vicarius.io/vsociety/blog/unauthenticated-rce-i...    4
https://securityonline.info/poc-exploit-for-goanywhere-mft-...    4
https://github.com/0xf4n9x/CVE-2023-0669                          3
https://twitter.com/_0xf4n9x_/status/1624308803960438791          3
https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapi...    3
https://frycos.github.io/vulns4free/2023/02/06/goanywhere-f...    3
https://thestack.technology/goanywhere-mft-vulnerability-ex...    3
https://www.securityweek.com/goanywhere-zero-day-attack-vic...    3
https://codebook.machinarecord.com/threatreport/26107             3


GitHub Search Results: Up to 10
Name                         URL
0xf4n9x/CVE-2023-0669        https://github.com/0xf4n9x/CVE-2023-0669
Live-Hack-CVE/CVE-2023-0669  https://github.com/Live-Hack-CVE/CVE-2023-0669

2023/04/18 Score : 0
Added Har-sia Database : 2023/02/07
Last Modified : 2023/04/18
Highest Scored Date : 2023/02/12
Highest Score : 24