CVE-2023-0669
Fortra GoAnywhere MFT Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Feb 10, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Fortra / GoAnywhere MFT
Vulnerability
Fortra GoAnywhere MFT Remote Code Execution Vulnerability
Added to KEV
Feb 10, 2023
Remediate by
Mar 3, 2023
Known ransomware use
Yes
Summary description
Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.
Required action
Apply updates per vendor instructions.
Notes
This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml. Fortra users must have an account in order to login and access the patch.; https://nvd.nist.gov/vuln/detail/CVE-2023-0669