CVE-2023-0669 - Fortra GoAnywhere MFT Remote Code Execution Vulnerability
CVE-2023-0669
Fortra | GoAnywhere MFT
- Date Added:
- 2023-02-10
- Due Date:
- 2023-03-03
- Vulnerability Name
Fortra GoAnywhere MFT Remote Code Execution Vulnerability
- Description
Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.
- Known To Be Used in Ransomware Campaigns?
Known
- Action
Apply updates per vendor instructions.
- Additional Notes
- This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml. Fortra users must have an account in order to login and access the patch.; https://nvd.nist.gov/vuln/detail/CVE-2023-0669
- Related News Articles
Free security scan for your website