CVE-2023-0669 - OpenCVE

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortra	Goanywhere Managed File Transfer

Configuration 1 [-]

cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html
https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis
https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
https://github.com/rapid7/metasploit-framework/pull/17607
https://infosec.exchange/@briankrebs/109795710941843934
https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1
https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/

History

No history.

MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2023-02-06T19:16:19.265Z

Updated: 2024-08-02T05:17:50.355Z

Reserved: 2023-02-03T22:09:23.898Z

Link: CVE-2023-0669

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-02-06T20:15:14.300

Modified: 2024-06-28T13:44:07.773

Link: CVE-2023-0669

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0669", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "state": "PUBLISHED", "assignerShortName": "rapid7", "dateReserved": "2023-02-03T22:09:23.898Z", "datePublished": "2023-02-06T19:16:19.265Z", "dateUpdated": "2024-08-02T05:17:50.355Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Goanywhere MFT", "vendor": "Fortra", "versions": [{"lessThanOrEqual": "7.1.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "other", "user": "00000000-0000-4000-9000-000000000000", "value": "Brian Krebs of Krebs on Security"}, {"lang": "en", "type": "analyst", "user": "00000000-0000-4000-9000-000000000000", "value": "Ron Bowes of Rapid7"}, {"lang": "en", "type": "analyst", "user": "00000000-0000-4000-9000-000000000000", "value": "Caitlin Condon of Rapid7"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Fryco of Frycos Security"}], "datePublic": "2023-02-01T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2."}], "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2023-02-08T22:39:50.064Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1"}, {"tags": ["media-coverage"], "url": "https://infosec.exchange/@briankrebs/109795710941843934"}, {"tags": ["third-party-advisory"], "url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/"}, {"tags": ["third-party-advisory"], "url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis"}, {"tags": ["exploit"], "url": "https://github.com/rapid7/metasploit-framework/pull/17607"}, {"tags": ["media-coverage"], "url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft"}, {"tags": ["third-party-advisory"], "url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"}, {"url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Fortra GoAnywhere MFT License Response Servlet Command Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:17:50.355Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1"}, {"tags": ["media-coverage", "x_transferred"], "url": "https://infosec.exchange/@briankrebs/109795710941843934"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis"}, {"tags": ["exploit", "x_transferred"], "url": "https://github.com/rapid7/metasploit-framework/pull/17607"}, {"tags": ["media-coverage", "x_transferred"], "url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"}, {"url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html", "tags": ["x_transferred"]}]}]}}

{"cisaActionDue": "2023-03-03", "cisaExploitAdd": "2023-02-10", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Fortra GoAnywhere MFT Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2CDAD23-E5EA-4830-9D57-5E6BC0E85244", "versionEndExcluding": "7.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2."}], "id": "CVE-2023-0669", "lastModified": "2024-06-28T13:44:07.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-06T20:15:14.300", "references": [{"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis"}, {"source": "cve@rapid7.com", "tags": ["Third Party Advisory"], "url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"}, {"source": "cve@rapid7.com", "tags": ["Patch"], "url": "https://github.com/rapid7/metasploit-framework/pull/17607"}, {"source": "cve@rapid7.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://infosec.exchange/@briankrebs/109795710941843934"}, {"source": "cve@rapid7.com", "tags": ["Product"], "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1"}, {"source": "cve@rapid7.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "cve@rapid7.com", "type": "Secondary"}]}