Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:1D60282E-FEBB-44A9-9267-EE45F1D583D8
HistoryFeb 13, 2023 - 12:00 a.m.

CVE-2023-0669

2023-02-1300:00:00
attackerkb.com
21

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

0.966 High

EPSS

Percentile

99.5%

JSON

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.

Recent assessments:

rbowes-r7 at February 06, 2023 8:59pm UTC reported:

This is currently unpatched and vulnerable in the default state. The time from reading the mitigation to having a working exploit was less than day, and that’s for somebody who isn’t super good at Java vulnerabilities.

cbeek-r7 at October 16, 2023 12:28pm UTC reported:

This is currently unpatched and vulnerable in the default state. The time from reading the mitigation to having a working exploit was less than day, and that’s for somebody who isn’t super good at Java vulnerabilities.

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5

Related

hivepro 1
prion 1
github 1
malwarebytes 3
nessus 1
packetstorm 2
qualysblog 3
osv 1
githubexploit 6
zdt 2
rapid7blog 4
thn 5
metasploit 1
cisa_kev 1
talosblog 2
nuclei 1
cve 1
exploitdb 1
ics 2
impervablog 1
hivepro
hivepro
Clop Ransomware Group Claims Responsibility for GoAnywhere MFT Attacks
2023-02-13 11:34:45
prion
prion
Command injection
2023-02-06 20:15:00
github
github
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
2023-02-06 21:30:29
malwarebytes
malwarebytes
GoAnywhere zero-day opened door to Clop ransomware
2023-02-20 02:00:00
Clop ransomware is victimizing GoAnywhere MFT customers
2023-03-14 04:00:00
Rubrik is latest victim of the Clop ransomware zero-day campaign
2023-03-17 16:30:00
nessus
nessus
Fortra GoAnywhere Managed File Transfer (MFT) < 7.1.2 Pre-Authentication Command Injection (CVE-2023-0669)
2023-02-22 00:00:00
packetstorm
packetstorm
Fortra GoAnywhere MFT Unsafe Deserialization Remote Code Execution
2023-02-09 00:00:00
Goanywhere Encryption Helper 7.1.1 Remote Code Execution
2023-04-10 00:00:00
qualysblog
qualysblog
Forta GoAnywhere Zero-Day Exploited By Threat Actors
2023-02-15 23:34:54
Qualys Survey of Top 10 Exploited Vulnerabilities in 2023
2023-09-26 13:04:00
2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is
2023-12-19 15:00:00
osv
osv
Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
2023-02-06 21:30:29
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer
2023-02-21 18:47:42
Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer
2023-04-06 03:40:03
Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer
2023-02-26 02:33:54
zdt
zdt
Fortra GoAnywhere MFT Unsafe Deserialization Remote Code Execution Exploit
2023-02-13 00:00:00
Goanywhere Encryption helper 7.1.1 - Remote Code Execution Exploit
2023-04-08 00:00:00
rapid7blog
rapid7blog
Exploitation of GoAnywhere MFT zero-day vulnerability
2023-02-03 16:18:21
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
2024-01-23 18:42:31
Metasploit Weekly Wrap-Up
2023-02-10 19:39:42
thn
thn
Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
2023-04-20 11:22:00
Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin
2024-01-24 05:32:00
CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
2023-02-11 05:45:00
metasploit
metasploit
Fortra GoAnywhere MFT Unsafe Deserialization RCE
2023-02-08 15:24:27
cisa_kev
cisa_kev
Fortra GoAnywhere MFT Remote Code Execution Vulnerability
2023-02-10 00:00:00
talosblog
talosblog
Threat Source newsletter (Feb. 23, 2023) β€” Social media sites are making extra security a paid feature
2023-02-23 19:00:45
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical
2023-07-26 12:00:57
nuclei
nuclei
Fortra GoAnywhere MFT - Remote Code Execution
2023-02-10 14:50:32
cve
cve
CVE-2023-0669
2023-02-06 20:15:14
exploitdb
exploitdb
Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
2023-04-08 00:00:00
ics
ics
#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
2023-06-07 12:00:00
Understanding Ransomware Threat Actors: LockBit
2023-06-14 12:00:00
impervablog
impervablog
Why Attackers Target the Government Industry
2023-05-09 14:47:17

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

0.966 High

EPSS

Percentile

99.5%

JSON
Related for AKB:1D60282E-FEBB-44A9-9267-EE45F1D583D8
hivepro1prion1github1malwarebytes3nessus1packetstorm2qualysblog3osv1githubexploit6zdt2rapid7blog4thn5metasploit1cisa_kev1talosblog2nuclei1cve1exploitdb1ics2impervablog1