Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

24.01.2024

 

A critical security vulnerability has been revealed in Fortra’s GoAnywhere Managed File Transfer (MFT) software, posing a significant risk with a CVSS score of 9.8 out of 10.

Identified as CVE-2024-0204, this flaw allows unauthorized users to exploit an authentication bypass in Fortra’s GoAnywhere MFT versions preceding 7.4.1, enabling them to create a new administrator user through the administration portal. Fortra issued an advisory on January 22, 2024, addressing the issue.

For users unable to upgrade to version 7.4.1, temporary workarounds are available. In non-container deployments, delete the “InitialAccountSetup.xhtml” file in the installation directory and restart the services. In container-deployed instances, replace the file with an empty one and restart.
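A way to verify that the workaround above is in place, as an added example that is not part of the original article or Fortra's advisory. It walks an installation directory and reports every remaining copy of the file; the directory is passed as an argument because its location is deployment-specific and not given here.

```python
import os
import sys

TARGET = "InitialAccountSetup.xhtml"  # file named in the workaround


def audit_workaround(install_dir):
    """Return sorted (path, status) pairs for each copy of TARGET found.

    status: "empty"      -> zero-byte file (container-style workaround)
            "present"    -> file still has content, workaround NOT applied
            "unreadable" -> could not stat the file; check it by hand
    An empty list means the file was deleted (non-container workaround).
    """
    # A mistyped path must not be reported as "file is gone, all good".
    if not os.path.isdir(install_dir):
        raise NotADirectoryError(install_dir)
    findings = []
    for root, _dirs, files in os.walk(install_dir):
        for name in files:
            # Compare case-insensitively: Windows file systems ignore case.
            if name.lower() != TARGET.lower():
                continue
            path = os.path.join(root, name)
            try:
                status = "empty" if os.path.getsize(path) == 0 else "present"
            except OSError:
                status = "unreadable"
            findings.append((path, status))
    return sorted(findings)


def is_mitigated(install_dir):
    """True only if every copy found is a zero-byte file (or none exist)."""
    return all(s == "empty" for _p, s in audit_workaround(install_dir))


if __name__ == "__main__":
    # Usage: python audit.py <installation directory>  (path is an assumption)
    directory = sys.argv[1]
    for found_path, found_status in audit_workaround(directory):
        print(f"{found_status:10} {found_path}")
    ok = is_mitigated(directory)
    print("workaround applied" if ok else "workaround NOT applied")
    sys.exit(0 if ok else 1)
```

The script checks only the file on disk; it cannot confirm that the services were restarted afterwards, which the workaround also requires.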

The security vulnerability was discovered and reported by Mohammed Eldeeb and Islam Elrfai from Spark Engineering Consultants in December 2023. Cybersecurity firm Horizon3.ai, which provided a proof-of-concept (PoC) exploit for CVE-2024-0204, highlighted that the flaw results from a path traversal weakness in the “/InitialAccountSetup.xhtml” endpoint, potentially exploited to create administrative users.

Zach Hanley, a security researcher at Horizon3.ai, emphasized the importance of monitoring the Admin Users group in the GoAnywhere administrator portal’s Users -> Admin Users section for any unexpected additions. While there is currently no evidence of active exploitation of CVE-2024-0204 in the wild, a previous flaw in the same product (CVE-2023-0669, CVSS score: 7.2) was exploited by the Cl0p ransomware group, compromising nearly 130 victims last year.
