Enhancement: cves/2023/CVE-2023-0669.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-03-22 14:05:30 -04:00
parent 03b8483fb7
commit 37b0b488e0
1 changed files with 6 additions and 3 deletions

View File

@ -1,16 +1,17 @@
id: CVE-2023-0669
info:
name: GoAnywhere MFT - Remote Code Execution (ZeroDay)
name: Fortra GoAnywhere MFT - Remote Code Execution
author: rootxharsh,iamnoooob,dhiyaneshdk,pdresearch
severity: high
description: |
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.
reference:
- https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
- https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1
- https://infosec.exchange/@briankrebs/109795710941843934
- https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
- https://nvd.nist.gov/vuln/detail/CVE-2023-0669
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
@ -46,3 +47,5 @@ requests:
- type: status
status:
- 500
# Enhanced by md on 2023/03/22