CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.9%
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Recent assessments:
rbowes-r7 at February 06, 2023 8:59pm UTC reported:
This is currently unpatched and vulnerable in the default state. The time from reading the mitigation to having a working exploit was less than day, and thatโs for somebody who isnโt super good at Java vulnerabilities.
cbeek-r7 at October 16, 2023 12:28pm UTC reported:
This is currently unpatched and vulnerable in the default state. The time from reading the mitigation to having a working exploit was less than day, and thatโs for somebody who isnโt super good at Java vulnerabilities.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5
packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html
attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0669
duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
github.com/0xf4n9x/CVE-2023-0669
github.com/rapid7/metasploit-framework/pull/17607
github.com/yosef0x01/CVE-2023-0669-Analysis
infosec.exchange/@briankrebs/109795710941843934
my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1
www.bleepingcomputer.com/news/security/clop-ransomware-claims-it-breached-130-orgs-using-goanywhere-zero-day/
www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.9%