CVE-2023-0669 - Vulnerability Details - OpenCVE

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Feb. 10, 2023.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Fortra	Goanywhere Managed File Transfer

Configuration 1 [-]

cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html
https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis
https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
https://github.com/rapid7/metasploit-framework/pull/17607
https://infosec.exchange/@briankrebs/109795710941843934
https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1
https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/

History

Tue, 04 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2023-02-10'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2023-02-06T19:16:19.265Z

Updated: 2025-02-13T16:39:06.775Z

Reserved: 2023-02-03T22:09:23.898Z

Link: CVE-2023-0669

Vulnrichment

Updated: 2024-08-02T05:17:50.355Z

NVD

Status : Modified

Published: 2023-02-06T20:15:14.300

Modified: 2025-02-04T15:15:16.333

Link: CVE-2023-0669

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0669", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "state": "PUBLISHED", "assignerShortName": "rapid7", "dateReserved": "2023-02-03T22:09:23.898Z", "datePublished": "2023-02-06T19:16:19.265Z", "dateUpdated": "2025-02-13T16:39:06.775Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Goanywhere MFT", "vendor": "Fortra", "versions": [{"lessThanOrEqual": "7.1.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "other", "user": "00000000-0000-4000-9000-000000000000", "value": "Brian Krebs of Krebs on Security"}, {"lang": "en", "type": "analyst", "user": "00000000-0000-4000-9000-000000000000", "value": "Ron Bowes of Rapid7"}, {"lang": "en", "type": "analyst", "user": "00000000-0000-4000-9000-000000000000", "value": "Caitlin Condon of Rapid7"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Fryco of Frycos Security"}], "datePublic": "2023-02-01T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2."}], "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2023-04-10T19:06:33.125Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1"}, {"tags": ["media-coverage"], "url": "https://infosec.exchange/@briankrebs/109795710941843934"}, {"tags": ["third-party-advisory"], "url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/"}, {"tags": ["third-party-advisory"], "url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis"}, {"tags": ["exploit"], "url": "https://github.com/rapid7/metasploit-framework/pull/17607"}, {"tags": ["media-coverage"], "url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft"}, {"tags": ["third-party-advisory"], "url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"}, {"url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Fortra GoAnywhere MFT License Response Servlet Command Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:17:50.355Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1"}, {"tags": ["media-coverage", "x_transferred"], "url": "https://infosec.exchange/@briankrebs/109795710941843934"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis"}, {"tags": ["exploit", "x_transferred"], "url": "https://github.com/rapid7/metasploit-framework/pull/17607"}, {"tags": ["media-coverage", "x_transferred"], "url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"}, {"url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2023-12-09T05:05:06.460030Z", "id": "CVE-2023-0669", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-02-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-0669"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T14:10:19.429Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://infosec.exchange/@briankrebs/109795710941843934", "tags": ["media-coverage", "x_transferred"]}, {"url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/rapid7/metasploit-framework/pull/17607", "tags": ["exploit", "x_transferred"]}, {"url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft", "tags": ["media-coverage", "x_transferred"]}, {"url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:17:50.355Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-0669", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2023-12-09T05:05:06.460030Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-02-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-0669"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T14:09:49.104Z"}}], "cna": {"title": "Fortra GoAnywhere MFT License Response Servlet Command Injection", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "other", "user": "00000000-0000-4000-9000-000000000000", "value": "Brian Krebs of Krebs on Security"}, {"lang": "en", "type": "analyst", "user": "00000000-0000-4000-9000-000000000000", "value": "Ron Bowes of Rapid7"}, {"lang": "en", "type": "analyst", "user": "00000000-0000-4000-9000-000000000000", "value": "Caitlin Condon of Rapid7"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Fryco of Frycos Security"}], "affected": [{"vendor": "Fortra", "product": "Goanywhere MFT", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "7.1.1"}], "defaultStatus": "unaffected"}], "datePublic": "2023-02-01T15:00:00.000Z", "references": [{"url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1", "tags": ["vendor-advisory"]}, {"url": "https://infosec.exchange/@briankrebs/109795710941843934", "tags": ["media-coverage"]}, {"url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/", "tags": ["third-party-advisory"]}, {"url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis", "tags": ["third-party-advisory"]}, {"url": "https://github.com/rapid7/metasploit-framework/pull/17607", "tags": ["exploit"]}, {"url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft", "tags": ["media-coverage"]}, {"url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html", "tags": ["third-party-advisory"]}, {"url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.", "supportingMedia": [{"type": "text/html", "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2023-04-10T19:06:33.125Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0669", "state": "PUBLISHED", "dateUpdated": "2025-02-13T16:39:06.775Z", "dateReserved": "2023-02-03T22:09:23.898Z", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "datePublished": "2023-02-06T19:16:19.265Z", "assignerShortName": "rapid7"}, "dataVersion": "5.1"}

{"cisaActionDue": "2023-03-03", "cisaExploitAdd": "2023-02-10", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Fortra GoAnywhere MFT Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2CDAD23-E5EA-4830-9D57-5E6BC0E85244", "versionEndExcluding": "7.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2."}], "id": "CVE-2023-0669", "lastModified": "2025-02-04T15:15:16.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-02-06T20:15:14.300", "references": [{"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis"}, {"source": "cve@rapid7.com", "tags": ["Third Party Advisory"], "url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"}, {"source": "cve@rapid7.com", "tags": ["Patch"], "url": "https://github.com/rapid7/metasploit-framework/pull/17607"}, {"source": "cve@rapid7.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://infosec.exchange/@briankrebs/109795710941843934"}, {"source": "cve@rapid7.com", "tags": ["Product"], "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1"}, {"source": "cve@rapid7.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/rapid7/metasploit-framework/pull/17607"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://infosec.exchange/@briankrebs/109795710941843934"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "cve@rapid7.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}