CVE-2023-0669 (GCVE-0-2023-0669)

Vulnerability from cvelistv5 – Published: 2023-02-06 19:16 – Updated: 2025-10-21 23:15
Summary
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor | Product | Version
Fortra | Goanywhere MFT | Affected: 0, ≤ 7.1.1 (semver)
Credits
  • Brian Krebs of Krebs on Security
  • Ron Bowes of Rapid7
  • Caitlin Condon of Rapid7
  • Fryco of Frycos Security
CISA Known Exploited Vulnerability
Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2023-02-10

Due date: 2023-03-03

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml. Fortra users must have an account in order to login and access the patch.; https://nvd.nist.gov/vuln/detail/CVE-2023-0669

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:17:50.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1"
          },
          {
            "tags": [
              "media-coverage",
              "x_transferred"
            ],
            "url": "https://infosec.exchange/@briankrebs/109795710941843934"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/pull/17607"
          },
          {
            "tags": [
              "media-coverage",
              "x_transferred"
            ],
            "url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-0669",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-09T05:05:06.460030Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-02-10",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0669"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:27.683Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0669"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-02-10T00:00:00+00:00",
            "value": "CVE-2023-0669 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Goanywhere MFT",
          "vendor": "Fortra",
          "versions": [
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "other",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Brian Krebs of Krebs on Security"
        },
        {
          "lang": "en",
          "type": "analyst",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Ron Bowes of Rapid7"
        },
        {
          "lang": "en",
          "type": "analyst",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Caitlin Condon of Rapid7"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Fryco of Frycos Security"
        }
      ],
      "datePublic": "2023-02-01T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2."
            }
          ],
          "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-10T19:06:33.125Z",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1"
        },
        {
          "tags": [
            "media-coverage"
          ],
          "url": "https://infosec.exchange/@briankrebs/109795710941843934"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/pull/17607"
        },
        {
          "tags": [
            "media-coverage"
          ],
          "url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Fortra GoAnywhere MFT License Response Servlet Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2023-0669",
    "datePublished": "2023-02-06T19:16:19.265Z",
    "dateReserved": "2023-02-03T22:09:23.898Z",
    "dateUpdated": "2025-10-21T23:15:27.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-0669",
      "cwes": "[\"CWE-502\"]",
      "dateAdded": "2023-02-10",
      "dueDate": "2023-03-03",
      "knownRansomwareCampaignUse": "Known",
      "notes": "This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml. Fortra users must have an account in order to login and access the patch.;  https://nvd.nist.gov/vuln/detail/CVE-2023-0669",
      "product": "GoAnywhere MFT",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.",
      "vendorProject": "Fortra",
      "vulnerabilityName": "Fortra GoAnywhere MFT Remote Code Execution Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2023-03-03",
      "cisaExploitAdd": "2023-02-10",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Fortra GoAnywhere MFT Remote Code Execution Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.1.2\", \"matchCriteriaId\": \"F2CDAD23-E5EA-4830-9D57-5E6BC0E85244\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.\"}]",
      "id": "CVE-2023-0669",
      "lastModified": "2024-11-21T07:37:35.710",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}]}",
      "published": "2023-02-06T20:15:14.300",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/rapid7/metasploit-framework/pull/17607\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://infosec.exchange/@briankrebs/109795710941843934\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": 
[\"Third Party Advisory\"]}, {\"url\": \"https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/rapid7/metasploit-framework/pull/17607\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://infosec.exchange/@briankrebs/109795710941843934\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@rapid7.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cve@rapid7.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-0669\",\"sourceIdentifier\":\"cve@rapid7.com\",\"published\":\"2023-02-06T20:15:14.300\",\"lastModified\":\"2025-11-03T15:06:12.700\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.\"},{\"lang\":\"es\",\"value\":\"Fortra (anteriormente HelpSystems) GoAnywhere MFT presenta una vulnerabilidad de inyecci\u00f3n de comandos de preautenticaci\u00f3n en el servlet de respuesta a licencias debido a la deserializaci\u00f3n de un objeto arbitrario controlado por un atacante. Este problema se solucion\u00f3 en la versi\u00f3n 7.1.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2023-02-10\",\"cisaActionDue\":\"2023-03-03\",\"cisaRequiredAction\":\"Apply updates per 
vendor instructions.\",\"cisaVulnerabilityName\":\"Fortra GoAnywhere MFT Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"cve@rapid7.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1.2\",\"matchCriteriaId\":\"F2CDAD23-E5EA-4830-9D57-5E6BC0E85244\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rapid7/metasploit-framework/pull/17607\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://infosec.exchange/@briankrebs/109795710941843934\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Product\"]},{\"url\":\"https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Mitigation\",\"Third Party 
Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rapid7/metasploit-framework/pull/17607\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://infosec.exchange/@briankrebs/109795710941843934\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0669\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"Goanywhere MFT\", \"vendor\": \"Fortra\", \"versions\": [{\"lessThanOrEqual\": \"7.1.1\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"other\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Brian Krebs of Krebs on Security\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Ron Bowes of Rapid7\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Caitlin Condon of Rapid7\"}, {\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Fryco of Frycos Security\"}], \"datePublic\": \"2023-02-01T15:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.\"}], \"value\": \"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. 
This issue was patched in version 7.1.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"9974b330-7714-4307-a722-5648477acda7\", \"shortName\": \"rapid7\", \"dateUpdated\": \"2023-04-10T19:06:33.125Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1\"}, {\"tags\": [\"media-coverage\"], \"url\": \"https://infosec.exchange/@briankrebs/109795710941843934\"}, {\"tags\": [\"third-party-advisory\"], \"url\": \"https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/\"}, {\"tags\": [\"third-party-advisory\"], \"url\": \"https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis\"}, {\"tags\": [\"exploit\"], \"url\": \"https://github.com/rapid7/metasploit-framework/pull/17607\"}, {\"tags\": [\"media-coverage\"], \"url\": \"https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft\"}, {\"tags\": [\"third-party-advisory\"], \"url\": \"https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html\"}, {\"url\": \"http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"Fortra GoAnywhere MFT License Response Servlet Command Injection\", \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:17:50.355Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"vendor-advisory\", \"x_transferred\"], \"url\": \"https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1\"}, {\"tags\": [\"media-coverage\", \"x_transferred\"], \"url\": 
\"https://infosec.exchange/@briankrebs/109795710941843934\"}, {\"tags\": [\"third-party-advisory\", \"x_transferred\"], \"url\": \"https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/\"}, {\"tags\": [\"third-party-advisory\", \"x_transferred\"], \"url\": \"https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis\"}, {\"tags\": [\"exploit\", \"x_transferred\"], \"url\": \"https://github.com/rapid7/metasploit-framework/pull/17607\"}, {\"tags\": [\"media-coverage\", \"x_transferred\"], \"url\": \"https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft\"}, {\"tags\": [\"third-party-advisory\", \"x_transferred\"], \"url\": \"https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html\"}, {\"url\": \"http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}]}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-0669\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-12-09T05:05:06.460030Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-02-10\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0669\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0669\", \"tags\": 
[\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T14:09:49.104Z\"}, \"timeline\": [{\"time\": \"2023-02-10T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2023-0669 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-0669\", \"assignerOrgId\": \"9974b330-7714-4307-a722-5648477acda7\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"rapid7\", \"dateReserved\": \"2023-02-03T22:09:23.898Z\", \"datePublished\": \"2023-02-06T19:16:19.265Z\", \"dateUpdated\": \"2025-10-21T19:45:51.333Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

