24 January 2024

Critical vulnerability discovered in Fortra’s GoAnywhere MFT, patch ASAP

Fortra has warned of a critical vulnerability in its widely used GoAnywhere MFT (Managed File Transfer) that could allow hackers to compromise unpatched instances.

GoAnywhere MFT is a popular file-sharing service used by large businesses to share sensitive files securely.

Tracked as CVE-2024-0204, the vulnerability is an authentication bypass caused by missing authorization checks on the InitialAccountSetup.xhtml file, combined with a path normalization issue. If exploited, the bug allows a remote, unauthenticated attacker to bypass the authentication process and gain full control over the system by creating an administrative account.

The flaw affects GoAnywhere MFT 6.x from 6.0.1 onward and 7.x up to and including 7.4.0, and was fixed in GoAnywhere MFT 7.4.1. Fortra addressed the vulnerability in a December 7, 2023 release of GoAnywhere MFT but, for some reason, publicly disclosed it only now.

“Upgrade to version 7.4.1 or higher. The vulnerability may also be eliminated in non-container deployments by deleting the InitialAccountSetup.xhtml file in the install directory and restarting the services. For container-deployed instances, replace the file with an empty file and restart,” the company recommended.
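The two defender-side steps above, the version check against the affected ranges and the file-based workaround, as an added example script. This is not Fortra's tooling; it assumes the GoAnywhere install directory is passed as an argument with InitialAccountSetup.xhtml located directly inside it, and it leaves the service restart to the operator, since the restart command depends on how the instance was deployed.

```shell
#!/bin/sh
# Added example for CVE-2024-0204 (not Fortra's code).
# goanywhere_vulnerable: returns 0 (true) when VERSION is inside the ranges
# named in the advisory: 6.x from 6.0.1 onward, and 7.x up to and including 7.4.0.
# Versions outside those ranges (including 7.4.1 and later) return 1.
goanywhere_vulnerable() {
    ver="$1"
    major=$(printf '%s' "$ver" | cut -d. -f1)
    minor=$(printf '%s' "$ver" | cut -d. -f2)
    patch=$(printf '%s' "$ver" | cut -d. -f3)
    minor=${minor:-0}
    patch=${patch:-0}
    case "$major" in
        6)
            # 6.0.0 sits below the affected range; every later 6.x release is affected
            if [ "$minor" -eq 0 ] && [ "$patch" -eq 0 ]; then return 1; fi
            return 0 ;;
        7)
            if [ "$minor" -lt 4 ]; then return 0; fi
            if [ "$minor" -eq 4 ] && [ "$patch" -eq 0 ]; then return 0; fi
            return 1 ;;
        *)
            return 1 ;;
    esac
}

# mitigate_initial_setup_file INSTALL_DIR [host|container]
# Applies the advisory's workaround: on a host install the file is deleted;
# in a container deployment it is replaced with an empty file.
# Assumption: the file lives directly under INSTALL_DIR.
mitigate_initial_setup_file() {
    install_dir="$1"
    mode="${2:-host}"
    target="$install_dir/InitialAccountSetup.xhtml"
    if [ ! -e "$target" ]; then
        echo "nothing to do: $target is not present"
        return 0
    fi
    if [ "$mode" = "container" ]; then
        : > "$target"
        echo "replaced $target with an empty file; restart the GoAnywhere services"
    else
        rm -f "$target"
        echo "deleted $target; restart the GoAnywhere services"
    fi
}

# Usage when run directly: ./goanywhere_check.sh VERSION [INSTALL_DIR] [host|container]
if [ "$#" -ge 1 ]; then
    if goanywhere_vulnerable "$1"; then
        echo "GoAnywhere MFT $1 is in the affected range; upgrade to 7.4.1 or later"
        if [ -n "$2" ]; then mitigate_initial_setup_file "$2" "${3:-host}"; fi
    else
        echo "GoAnywhere MFT $1 is outside the affected ranges"
    fi
fi
```

The workaround is a stopgap: it removes the page the bypass targets but does not change the path normalization behaviour, so the upgrade to 7.4.1 or later remains the actual fix.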

While there is no indication that this flaw is being exploited in the wild, proof-of-concept (PoC) code for CVE-2024-0204 is publicly available, so active exploitation attempts are likely to follow soon.

In February 2023, another critical vulnerability (CVE-2023-0669) in GoAnywhere MFT was exploited as a zero-day in a large-scale extortion campaign conducted by the Cl0p ransomware group, which affected more than 100 organizations worldwide.
