Known Exploited Vulnerabilities CVE-2023-0669 Mappings

Fortra (formerly HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-0669 | Fortra GoAnywhere MFT Remote Code Execution Vulnerability | secondary_impact | T1486 | Data Encrypted for Impact | |
| CVE-2023-0669 | Fortra GoAnywhere MFT Remote Code Execution Vulnerability | primary_impact | T1210 | Exploitation of Remote Services | |
| CVE-2023-0669 | Fortra GoAnywhere MFT Remote Code Execution Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | |

Comments (identical for all three mappings)

This vulnerability is exploited through a cross-site request forgery (CSRF) flaw in GoAnywhere's license installation process. Attackers exploit this vulnerability by leveraging the absence of CSRF protection, allowing them to execute remote code without authentication. This enables them to compromise targeted systems, facilitating ransomware attacks and unauthorized access. This vulnerability has been actively exploited, leading to ransomware attacks by the Clop group.