FortiGuard Labs is aware of a report that a remote code execution (RCE) vulnerability in the GoAnywhere MFT (Managed File Transfer) tool (CVE-2023-0669) is being actively exploited in the wild. The Cl0p ransomware threat actor reportedly claimed to have leveraged the vulnerability to compromise vulnerable GoAnywhere MFT servers and steal data from over 130 organizations. FortiGuard Labs has an Outbreak Alert writeup page with additional information on CVE-2023-0669, including a comprehensive list of protections; it can be found here.

Why is this Significant?

This is significant because an RCE vulnerability in the GoAnywhere MFT tool (CVE-2023-0669) is being actively exploited in the wild. The Cl0p ransomware group allegedly exploited the vulnerability and stole data from multiple organizations for financial extortion.

On February 10, 2023, CISA (Cybersecurity and Infrastructure Security Agency) added CVE-2023-0669 to the Known Exploited Vulnerabilities catalog.

A patch is available in version 7.1.2 and should be applied as soon as possible.

What is GoAnywhere MFT?

GoAnywhere MFT is a tool developed by Fortra that allows organizations to centralize, control and streamline internal and external file transfers.

What is CVE-2023-0669?

CVE-2023-0669 is a command injection vulnerability in GoAnywhere MFT that affects version 7.1.1 and prior. Successful exploitation of the vulnerability allows attackers to gain remote code execution on a vulnerable GoAnywhere MFT instance.

The vulnerability has a CVSS score of 7.2.

Has the Vendor Released an Advisory for CVE-2023-0669?

Fortra released the advisory in their customer portal. See the Appendix for a link to “Security Advisory” (note that a login is required to access the advisory).

Has the Vendor Released a Patch for CVE-2023-0669?

Yes. Fortra released a patch in version 7.1.2 on February 13, 2023.

Any Mitigation?

Fortra provided mitigation methods in the advisory. For details, see the Appendix for a link to “Security Advisory” (note that a login is required to access the advisory).

What is the Status of Protection?

FortiGuard Labs released the following IPS signature in version 22.495 for CVE-2023-0669:

Fortra.GoAnywhere.MFT.LicenseResponseServlet.Command.Injection (default action is set to “pass”; please adjust to “block” for active protection)