Fortra GoAnywhere MFT RCE Vulnerability

Released: Feb 14, 2023


Severity: High

Vendor: Fortra


Zero-day exploited in the wild

Fortra (formerly known as HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet.

Common Vulnerabilities and Exposures


Background

GoAnywhere MFT is a secure managed file transfer solution that streamlines the exchange of data between systems, employees, customers, and trading partners. The security flaw CVE-2023-0669 enables attackers to gain remote code execution on unpatched GoAnywhere MFT instances. According to the Fortra advisory, the exploit requires public internet access to the administrative console of the application.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


February 1, 2023: Fortra posted a security advisory: https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1
February 7, 2023: Fortra released a patch (7.1.2) to address this actively exploited vulnerability.


February 10, 2023: The Clop ransomware gang claimed to BleepingComputer that it had breached about 130 organisations using the GoAnywhere zero-day vulnerability. https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-it-breached-130-orgs-using-goanywhere-zero-day/

February 10, 2023: CISA added the CVE-2023-0669 GoAnywhere MFT vulnerability to its Known Exploited Vulnerabilities Catalog.

April 17, 2023: Summary of the Investigation related to CVE-2023-0669 posted by the vendor (Fortra).
https://www.fortra.com/blog/summary-investigation-related-cve-2023-0669

FortiGuard Labs recommends updating vulnerable versions of GoAnywhere MFT to the patched version 7.1.2, as mentioned in the advisory, as soon as possible. FortiGuard Labs has also released an IPS signature to detect and block attacks relating to CVE-2023-0669.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • AV

  • Vulnerability

  • AV (Pre-filter)

  • IPS

  • Web App Security

DETECT
  • Outbreak Detection

  • Threat Hunting

  • Content Update

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.