PRP: Request GoAnywhere MFT RCE (CVE-2023-0669) #540
Comments
Hi @SuperX-SIR, Would you be willing to first contribute to fingerprints for the software? Thanks
There are some difficulties in writing application fingerprints. This is a non-open source application and there are only four tags in two official hubs. https://hub.docker.com/r/helpsystems/goanywhere-mft
GET login HTML will respond with title version
Hi @SuperX-SIR, Then you can continue with the development of the RCE. ~tooryx
Add instructions to create the test environment google/security-testbeds#90
Hello.
I want to contribute to the Tsunami scanner with a detector plugin to detect the CVE-2023-0669 vulnerability.
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-0669
https://www.vicarius.io/vsociety/posts/unauthenticated-rce-in-goanywhere
https://www.cve.org/CVERecord?id=CVE-2023-0669
Description
The vulnerability has been assigned the CVE ID CVE-2023-0669; the severity level of the vulnerability is 7.2 HIGH: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
This is a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
Versions
Version 7.1.1 and its earlier versions