Description
The developers at Fortra warned users of a zero-day vulnerability that affects its GoAnywhere Managed File Transfer (MFT) solution that results in remote code execution.
Details
GoAnywhere MFT is a secure web-based file transfer solution designed to help organizations automate, simplify and streamline inbound and outbound data transfers. However, on February 1st, 2023, Fortra released a security advisory acknowledging the zero-day vulnerability and offering temporary fixes for the solution.
The vulnerability is tracked as CVE-2023-0669, which enables attackers to leverage the GoAnywhere MFT solutions that are exposed to the internet and achieve remote code execution. Fortra revealed that the attack vector of this exploit requires access to the administrative console of the application, which would most likely be accessible only from within a companys private network, their virtual private network (VPN) or through allow-listed IP addresses when operating from a cloud environment.
Shodan scans would have shown that more than one thousand (1000) GoAnywhere instances were exposed on the internet, most found in the United States. While the attack vector is very limited and the chances of an attack are highly unlikely, it was observed by researchers that large organizations utilize GoAnywhere solutions to transfer sensitive files with their partners. Local governments, healthcare companies, banks, energy firms, financial services companies, museums, and computer part manufacturers utilizing GoAnywhere MFT and a single breach in any one of these organizations can result in extortion of sensitive information.
Remediation
Fortra released a patch (version 7.1.2) on February 7, 2023, to address the issues of this vulnerability and the team highly recommends patching GoAnywhere solutions as soon as possible.
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
PDF Download: GoAnywhere MFT zero-day vulnerability discovered.pdf
References
Toulas, B. (2023, February 3). GoAnywhere MFT zero-day vulnerability lets hackers breach servers. Retrieved from the BleepingComputer.
https://www.bleepingcomputer.com/news/security/goanywhere-mft-zero-day-vulnerability-lets-hackers-breach-servers/
Condon, C. (February 3). Exploitation of GoAnywhere MFT zero-day vulnerability. Retrieved from Rapid7.
https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/