Lucene search

CVE-2023-0669

🗓️ 06 Feb 2023 00:00:00Reported by AttackerKBType

Vulnerability in Fortra GoAnywhere MFT (formerly, HelpSystems) pre-auth command injection due to deserialization of attacker-controlled object. Unpatched and vulnerable. Short mitigation-to-exploit time.

Reporter	Title	Published	Views	Family All 47
Tenable Nessus	Fortra GoAnywhere Managed File Transfer (MFT) < 7.1.2 Pre-Authentication Command Injection (CVE-2023-0669)	22 Feb 202300:00	–	nessus
Vulnrichment	CVE-2023-0669 Fortra GoAnywhere MFT License Response Servlet Command Injection	6 Feb 202319:16	–	vulnrichment
Malwarebytes	Clop ransomware is victimizing GoAnywhere MFT customers	14 Mar 202304:00	–	malwarebytes
Malwarebytes	GoAnywhere zero-day opened door to Clop ransomware	20 Feb 202302:00	–	malwarebytes
Malwarebytes	Rubrik is latest victim of the Clop ransomware zero-day campaign	17 Mar 202316:30	–	malwarebytes
Packet Storm	Fortra GoAnywhere MFT Unsafe Deserialization Remote Code Execution	9 Feb 202300:00	–	packetstorm
Packet Storm	Goanywhere Encryption Helper 7.1.1 Remote Code Execution	10 Apr 202300:00	–	packetstorm
Hive Pro Threat Advisories	Clop Ransomware Group Claims Responsibility for GoAnywhere MFT Attacks	13 Feb 202311:34	–	hivepro
Prion	Command injection	6 Feb 202320:15	–	prion
Github Security Blog	Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework	6 Feb 202321:30	–	github

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cisa	www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
github	www.github.com/yosef0x01/CVE-2023-0669-Analysis
github	www.github.com/0xf4n9x/CVE-2023-0669
my	www.my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
infosec	www.infosec.exchange/@briankrebs/109795710941843934
rapid7	www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
attackerkb	www.attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis
github	www.github.com/rapid7/metasploit-framework/pull/17607
duo	www.duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Feb 2023 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS37.2

EPSS0.9702