Fortra just released a security bulletin detailing a new critical authentication bypass vulnerability in their GoAnywhere Managed File Transfer (MFT) solution. The vulnerability, CVE-2024-0204, allows for a remote unauthenticated user to create administrative users via the administration portal. Security researchers at Horizon3.ai published details on the vulnerability and exploitation.
In early 2023, a high severity 0-day command injection vulnerability in the GoAnywhere MFT product, CVE-2023-0669, was leveraged by the Cl0p ransomware gang to compromise over 130 companies.
Affected Versions
Per the security bulletin, CVE-2024-0204 affects the following versions:
- Fortra GoAnywhere MFT 6.x from 6.0.1
- Fortra GoAnywhere MFT 7.x before 7.4.1
Remediation and Mitigation
Fortra recommends upgrading to version 7.4.1 or higher. If an upgrade is not feasible, a workaround is available. In 'non-container deployments', administrators can delete the InitialAccountSetup.xhtml file located in the install directory and then restart the services. For 'container-deployed' instances, replace the InitialAccountSetup.xhtml file with an empty file and restart.
References
DISCLAIMER
Kindly be advised that the information contained in this article is presented with no final evaluation and should be considered raw data. The sole purpose of this information is to provide situational awareness based on the currently available knowledge. We recommend exercising caution and conducting further research as necessary before making any decisions based on this information.
Disclaimer: The information in this post is provided "as is". It is not yet finally evaluated intelligence and should be considered raw information that is provided strictly for situational awareness, given what is known at this time.
The PacketWatch Intelligence Team
