CVE-2023-0669 — Fortra GoAnywhere MFT Remote Code Execution Vulnerability

2023-02-10 • CISA Known Exploited Vulnerability

[event] Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.

> AFFECTED SOFTWARE

Field	Value
Vendor	Fortra
Product	GoAnywhere MFT
CWE	CWE-502
CVE ID	CVE-2023-0669
Date Added	2023-02-10
Due Date	2023-03-03
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2023-03-03

> REFERENCES

[1] https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a.
[2] https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml.
[3] https://nvd.nist.gov/vuln/detail/CVE-2023-0669