Attackers Exploit Fortra GoAnywhere Zero-day Vulnerability

Attackers have been exploiting a Fortra GoAnywhere zero-day vulnerability (CVE-2023-0669).

According to a NIST advisory published on February 6, 2023 (last updated February 15, 2023):

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.

NIST assigns CVE-2023-0669 a CVSS score of 7.8.

Fortra released a patch (7.1.2) on February 7, 2023, to address this actively exploited vulnerability.

According to a Rapid7 blog post and a Mastodon post by Brian Krebs on February 2, 2023, the vulnerability is a remote code injection flaw that requires administrative console access for successful exploitation:

Figure 1: Brian Krebs (post on Mastodon)

The issue affects on-premise instances of Fortra’s GoAnywhere MFT managed file transfer solution.

AttackerKB also released an update on the issue along with technical analysis.
