CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Mar 3, 2023
Description
Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.
EPSS — Exploit Probability
Higher than 100.0% of all CVEs
Required Action
This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml. Fortra users must have an account in order to login and access the patch.; https://nvd.nist.gov/vuln/detail/CVE-2023-0669
Risk Assessment
CRITICALDetails
- Severity
- High
- EPSS
- 94.4%
- CISA KEV
- Yes
- Ransomware
- Known
- Articles
- 0
Timeline
Published
Feb 10, 2023
Added to KEV
Feb 10, 2023
Remediation Due
Mar 3, 2023