CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass

Fortra just released a security bulletin detailing a new critical authentication bypass vulnerability in their GoAnywhere Managed File Transfer (MFT) solution. The vulnerability, CVE-2024-0204, allows for a remote unauthenticated user to create administrative users via the administration portal.  Security researchers at Horizon3.ai published details on the vulnerability and exploitation.

In early 2023, a high severity 0-day command injection vulnerability in the GoAnywhere MFT product, CVE-2023-0669, was leveraged by the Cl0p ransomware gang to compromise over 130 companies.

Affected Versions

Per the security bulletin, CVE-2024-0204 affects the following versions:

• Fortra GoAnywhere MFT 6.x from 6.0.1
• Fortra GoAnywhere MFT 7.x before 7.4.1

Remediation and Mitigation

Fortra recommends upgrading to version 7.4.1 or higher.  If an upgrade is not feasible, a workaround is available.  In 'non-container deployments', administrators can delete the InitialAccountSetup.xhtml file located in the install directory and then restart the services.  For 'container-deployed' instances, replace the InitialAccountSetup.xhtml file with an empty file and restart.

References

• https://www.fortra.com/security/advisory/fi-2024-001
• https://nvd.nist.gov/vuln/detail/CVE-2024-0204 
• https://www.bleepingcomputer.com/news/security/fortra-warns-of-new-critical-goanywhere-mft-auth-bypass-patch-now/ 
• https://nvd.nist.gov/vuln/detail/CVE-2023-0669 

DISCLAIMER

Kindly be advised that the information contained in this article is presented with no final evaluation and should be considered raw data. The sole purpose of this information is to provide situational awareness based on the currently available knowledge. We recommend exercising caution and conducting further research as necessary before making any decisions based on this information.