Patch your GoAnywhere MFT immediately

A critical security flaw has been revealed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be exploited to create a new administrative user.

Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10.

“Authentication bypass in Fortra’s GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an administrative user through the administration portal,” Fortra said in an advisory issued on January 22, 2024.

Users who cannot upgrade to version 7.4.1 can apply workarounds in non-container deployments by deleting the InitialAccountSetup.xhtml file in the installation directory and restarting the services.

For containerized instances, it is recommended to replace the file with an empty file and restart.
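The version bound and both workarounds described above can be checked from a shell. This is an added example, not code from Fortra or from the original article; the function names are hypothetical, and the install root is passed in by the caller because the article does not give a path.

```shell
#!/bin/sh
# Added example (not vendor code): audit a GoAnywhere MFT install tree for the
# CVE-2024-0204 workaround. The install root is supplied by the caller; no
# default path is assumed.

TARGET='InitialAccountSetup.xhtml'

# Succeeds (returns 0) when version $1, given as three numeric fields
# MAJOR.MINOR.PATCH, is before the fixed release 7.4.1.
version_affected() {
    IFS=. read -r maj min pat <<EOF
$1
EOF
    maj=${maj:-0} min=${min:-0} pat=${pat:-0}
    [ "$maj" -ne 7 ] && { [ "$maj" -lt 7 ]; return; }
    [ "$min" -ne 4 ] && { [ "$min" -lt 4 ]; return; }
    [ "$pat" -lt 1 ]
}

# Prints one line per copy of the setup page found under directory $1:
#   EXPOSED <path>  non-empty file, workaround not applied
#   EMPTIED <path>  zero-byte file, container workaround applied
# or REMOVED when no copy exists (non-container workaround applied).
# Returns 1 if any copy is EXPOSED, 2 on a bad argument, otherwise 0.
check_workaround() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    exposed=$(find "$1" -type f -name "$TARGET" ! -size 0 -print)
    emptied=$(find "$1" -type f -name "$TARGET" -size 0 -print)
    [ -z "$exposed" ] || printf '%s\n' "$exposed" | sed 's/^/EXPOSED /'
    [ -z "$emptied" ] || printf '%s\n' "$emptied" | sed 's/^/EMPTIED /'
    [ -n "$exposed$emptied" ] || echo "REMOVED"
    [ -z "$exposed" ]
}

# When run as a script, audit the directory given as the first argument.
if [ "$#" -gt 0 ]; then check_workaround "$1"; fi
```

A file restored by a later reinstall or image rebuild shows up as EXPOSED again, so the check is worth rerunning after any redeployment until the instance is on 7.4.1.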

Mohammed Eldeeb and Islam Elrfai of Cairo-based Spark Engineering Consultants discovered and reported the flaw in December 2023.

Cybersecurity company Horizon3.ai, which published a proof-of-concept (PoC) exploit for CVE-2024-0204, said the issue is the result of a path traversal weakness in the “/InitialAccountSetup.xhtml” endpoint that can be exploited to create administrative users.

“The easiest indication of a compromise to analyze is for new additions to the Admin Users group in the GoAnywhere Admin Portal Users -> Admin section,” Horizon3.ai security researcher Zach Hanley said.

“If the attacker left this user here, you may be able to view the last login activity here to determine an approximate date of the attack.”

While there is no evidence of active exploitation of CVE-2024-0204 in the wild, another flaw in the same product (CVE-2023-0669, CVSS score: 7.2) was exploited by the Cl0p ransomware group last year to breach almost 130 victims.


