CVE-2023-0669 - OpenCVE

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Fortra	Goanywhere Managed File Transfer

Configuration 1 [-]

cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html
https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis	Exploit Third Party Advisory
https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft	Third Party Advisory
https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html	Exploit Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/17607	Patch
https://infosec.exchange/@briankrebs/109795710941843934	Mitigation Third Party Advisory
https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1	Product
https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/	Mitigation Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: rapid7

Published: 2023-02-06T19:16:19.265Z

Updated: 2023-02-08T22:39:50.064Z

Reserved: 2023-02-03T22:09:23.898Z

Link: CVE-2023-0669

JSON object: View

NVD Information

Status : Modified

Published: 2023-02-06T20:15:14.300

Modified: 2023-04-10T20:15:08.170

Link: CVE-2023-0669

JSON object: View

Redhat Information

No data.

CWE

CWE-502

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-0669", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "state": "PUBLISHED", "assignerShortName": "rapid7", "dateReserved": "2023-02-03T22:09:23.898Z", "datePublished": "2023-02-06T19:16:19.265Z", "dateUpdated": "2023-02-08T22:39:50.064Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Goanywhere MFT", "vendor": "Fortra", "versions": [{"lessThanOrEqual": "7.1.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "other", "user": "00000000-0000-4000-9000-000000000000", "value": "Brian Krebs of Krebs on Security"}, {"lang": "en", "type": "analyst", "user": "00000000-0000-4000-9000-000000000000", "value": "Ron Bowes of Rapid7"}, {"lang": "en", "type": "analyst", "user": "00000000-0000-4000-9000-000000000000", "value": "Caitlin Condon of Rapid7"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Fryco of Frycos Security"}], "datePublic": "2023-02-01T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2."}], "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2023-02-08T22:39:50.064Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1"}, {"tags": ["media-coverage"], "url": "https://infosec.exchange/@briankrebs/109795710941843934"}, {"tags": ["third-party-advisory"], "url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/"}, {"tags": ["third-party-advisory"], "url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis"}, {"tags": ["exploit"], "url": "https://github.com/rapid7/metasploit-framework/pull/17607"}, {"tags": ["media-coverage"], "url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft"}, {"tags": ["third-party-advisory"], "url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"}, {"url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Fortra GoAnywhere MFT License Response Servlet Command Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"cisaActionDue": "2023-03-03", "cisaExploitAdd": "2023-02-10", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Fortra GoAnywhere MFT Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2CDAD23-E5EA-4830-9D57-5E6BC0E85244", "versionEndExcluding": "7.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2."}], "id": "CVE-2023-0669", "lastModified": "2023-04-10T20:15:08.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-06T20:15:14.300", "references": [{"source": "cve@rapid7.com", "url": "http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis"}, {"source": "cve@rapid7.com", "tags": ["Third Party Advisory"], "url": "https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"}, {"source": "cve@rapid7.com", "tags": ["Patch"], "url": "https://github.com/rapid7/metasploit-framework/pull/17607"}, {"source": "cve@rapid7.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://infosec.exchange/@briankrebs/109795710941843934"}, {"source": "cve@rapid7.com", "tags": ["Product"], "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1"}, {"source": "cve@rapid7.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "cve@rapid7.com", "type": "Secondary"}]}