Skip to main content
All vulnerabilities
CVE-2023-0669 Known ransomware use

Fortra GoAnywhere MFT Remote Code Execution Vulnerability

FortraGoAnywhere MFT

Added to KEV catalog
10 February 2023
Federal remediation due date
3 March 2023
Weakness classification (CWE)
CWE-502

CISA Description

Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.

Required action

Apply updates per vendor instructions.

Notes

This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml. Fortra users must have an account in order to login and access the patch.; https://nvd.nist.gov/vuln/detail/CVE-2023-0669

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services