Vulnerabilities > CVE-2023-0669 - Deserialization of Untrusted Data vulnerability in Fortra Goanywhere Managed File Transfer
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Related news
- Clop ransomware claims to be behind GoAnywhere zero-day attacks (source)
- Healthcare giant CHS reports first data breach in GoAnywhere hacks (source)
- Hitachi Energy confirms data breach after Clop GoAnywhere attacks (source)
- Procter & Gamble confirms data theft via GoAnywhere zero-day (source)
- March 2023 broke ransomware attack records with 459 incidents (source)
- Fortra shares findings on GoAnywhere MFT zero-day attacks (source)
- Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks (source)
- Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! (source)
- Fortra warns of new critical GoAnywhere MFT auth bypass, patch now (source)
References
- http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html
- https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis
- https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis
- https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
- https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
- https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
- https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
- https://github.com/rapid7/metasploit-framework/pull/17607
- https://github.com/rapid7/metasploit-framework/pull/17607
- https://infosec.exchange/@briankrebs/109795710941843934
- https://infosec.exchange/@briankrebs/109795710941843934
- https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1
- https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1
- https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
- https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/