Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-0669— Fortra GoAnywhere MFT License Response Servlet Command Injection

KEV · Ransomware EPSS 94.38% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-0669

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Fortra GoAnywhere MFT License Response Servlet Command Injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
HelpSystems GoAnywhere MFT 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HelpSystems GoAnywhere MFT是美国HelpSystems公司的一款托管文件传输软件。 HelpSystems GoAnywhere MFT存在安全漏洞,该漏洞源于身份验证不正确,从而导致命令注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
FortraGoanywhere MFT 0 ~ 7.1.1 -

II. Public POCs for CVE-2023-0669

#POC DescriptionSource LinkShenlong Link
1CVE-2023-0669 GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.https://github.com/0xf4n9x/CVE-2023-0669POC Details
2CVE-2023-0669 GoAnywhere MFT command injection vulnerabilityhttps://github.com/cataliniovita/CVE-2023-0669POC Details
3Nonehttps://github.com/Griffin-01/CVE-2023-0669POC Details
4CVE analysis for CVE-2023-0669https://github.com/yosef0x01/CVE-2023-0669-AnalysisPOC Details
5GoAnywhere MFT CVE-2023-0669 LicenseResponseServlet Deserialization Vulnerabilities Python RCE PoC(Proof of Concept)https://github.com/Avento/CVE-2023-0669POC Details
6Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-0669.yamlPOC Details
7Nonehttps://github.com/zakaria-laouani/cve-2023-0669-simulationPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-0669

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Goanywhere MFT
Same vendor: Fortra
Same weakness: CWE-502

V. Comments for CVE-2023-0669

No comments yet

Leave a comment