Enhancement: cves/2023/CVE-2023-0669.yaml by md

cves/2023/CVE-2023-0669.yaml

@@ -1,16 +1,17 @@
 id: CVE-2023-0669
 
 info:
-  name: GoAnywhere MFT - Remote Code Execution (ZeroDay)
+  name: Fortra GoAnywhere MFT - Remote Code Execution
   author: rootxharsh,iamnoooob,dhiyaneshdk,pdresearch
   severity: high
   description: |
-    Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
+    Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.
   reference:
     - https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
     - https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1
     - https://infosec.exchange/@briankrebs/109795710941843934
     - https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-0669
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 7.2
@@ -46,3 +47,5 @@ requests:
       - type: status
         status:
           - 500
+
+# Enhanced by md on 2023/03/22