CVE-2023-0669

CVE Database · CVE-2023-0669

CVE-2023-0669

· HIGHAnalyzed

CVSS v3.1

7.2

EPSS

100.00%

Published

Feb 6, 2023

Modified

Nov 3, 2025

CISA Known Exploited Vulnerability

Added: 2023-02-10 · Due: 2023-03-03

Apply updates per vendor instructions.

Public PoC / Exploit (9)

All weaponized →

Exploit-DBGoanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)NucleiNuclei detection template TrickestTrickest PoC index GitHub PoC0xf4n9x/CVE-2023-0669★103 GitHub PoCAvento/CVE-2023-0669★8 GitHub PoCyosef0x01/CVE-2023-0669-Analysis★7 GitHub PoCcataliniovita/CVE-2023-0669★0 GitHub PoCGriffin-01/CVE-2023-0669★0 GitHub PoCzakaria-laouani/cve-2023-0669-simulation★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-502CWE-502

Affected Products (1)

fortra · goanywhere_managed_file_transfer (up to 7.1.2)vulnerable

References (17)

http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis

ExploitThird Party Advisory

https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Broken LinkThird Party Advisory

https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html

ExploitThird Party Advisory

https://github.com/rapid7/metasploit-framework/pull/17607

KEV Catalog EPSS Scores Vendors All CVEs