[CVSS 9+] Vulnerability on GoAnywhere MFT: Update Now!

Executive Summary

Fortra has recently fixed a critical security vulnerability affecting GoAnywhere Managed File Transfer (MFT) software.

The vulnerability, with a CVSS score of 9.8, allows unauthenticated remote attackers to create admin accounts, potentially compromising system integrity.

Furthermore, the existence of a Proof-of-Concept (PoC) exploit underscores the urgency of the situation. Organisations are strongly urged to apply the provided updates.

About CVE-2024-0204

CVE-2024-0204 is a critical authentication bypass vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software, specifically in versions prior to 7.4.1.

This vulnerability, with a CVSS score of 9.8, permits an unauthorised user to create an admin user via the administration portal.

The vulnerability allows an unauthenticated, remote attacker to send a specially crafted request to a vulnerable GoAnywhere MFT instance.

Successful exploitation empowers the attacker to bypass authentication mechanisms and create new users with elevated privileges, including administrator accounts.

Researchers at Horizon3 published a PoC exploit on GitHub that demonstrates the creation of new admin users.

Fortra’s Response

Fortra has promptly addressed this vulnerability, urging users to upgrade their GoAnywhere MFT installations to version 7.4.1 or later.

Please refer to Fortra’s security advisory for detailed information about the fixes.
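As an added example (not Fortra’s code or part of its advisory), the script below triages a constructed inventory of GoAnywhere MFT hosts against the fixed version 7.4.1. It compares version components numerically rather than as strings, so that a release such as 7.10.x is not misranked below 7.4.1; the hostnames and the handling of non-numeric suffixes are assumptions.

```python
# Added example (not Fortra's code): classify a GoAnywhere MFT version
# inventory against the fixed version named in the advisory (7.4.1).
# Hostnames and versions below are constructed sample data.
import re

FIXED_VERSION = (7, 4, 1)  # first release containing the fix for CVE-2024-0204


def parse_version(text: str) -> tuple:
    """Turn a version string such as '7.4.0' or '7.10.2' into a comparable
    tuple of integers. Plain string comparison would wrongly rank
    '7.10.2' below '7.4.1', so numeric components are required.
    Trailing non-numeric suffixes (e.g. '-beta') are ignored (assumption)."""
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # pad to three components so that '7.4' compares as 7.4.0
    return parts + (0,) * (3 - len(parts))


def is_affected(version: str) -> bool:
    """True if the instance runs a version prior to 7.4.1."""
    return parse_version(version) < FIXED_VERSION


def triage(inventory: dict) -> dict:
    """Split {host: version} into 'patch_now' and 'up_to_date' lists."""
    report = {"patch_now": [], "up_to_date": []}
    for host, version in sorted(inventory.items()):
        bucket = "patch_now" if is_affected(version) else "up_to_date"
        report[bucket].append(f"{host} ({version})")
    return report


SAMPLE_INVENTORY = {  # constructed sample data, not real hosts
    "mft-prod-01.example.internal": "7.4.0",
    "mft-prod-02.example.internal": "7.4.1",
    "mft-dr.example.internal": "6.8.6",
    "mft-lab.example.internal": "7.10.2",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(bucket)
        for entry in hosts:
            print("  ", entry)
```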

Closing Comments

The urgency of addressing this critical vulnerability cannot be overstated, especially with a readily available PoC exploit.

While there is currently no evidence of active exploitation in the wild, it’s essential to remember that threat actors have targeted Fortra’s GoAnywhere MFT in the past. For instance, the Cl0p ransomware group, known for its worldwide MOVEit breaches, also set its sights on GoAnywhere last year. They exploited CVE-2023-0669 in GoAnywhere to compromise nearly 130 organisations.

In today’s data-centric world, MFTs play a pivotal role in protecting sensitive information. MFT providers bear the responsibility of ensuring the robust security of their products, alongside facilitating seamless data exchange.

They must proactively assess and fortify their software against potential security risks. This includes conducting regular security audits, issuing timely patches, and fostering transparent communication with users. As demonstrated, a single vulnerability could lead to data breaches, financial losses, and reputational damage.

Moreover, organisations relying on MFTs in critical business processes should not rely solely on technical measures but also design secure processes. User awareness is a fundamental aspect of secure processes. As a simple example, users should delete files from MFTs promptly after completing the file transfer to minimise exposure.

As the cybersecurity landscape continues to evolve, vigilance and proactive security practices remain essential to safeguard against potential threats.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.