Authentication Bypass Vulnerability in GoAnywhere MFT

Published on 25-Jan-2024
Updated:
17-Jan-2025
Status:
 
Closed
CVEs:
CVE-2024-0204

Fortra is researching an authentication bypass vulnerability in GoAnywhere MFT (CVE-2024-0204). By exploiting this vulnerability, an unauthorized user can create an admin user via the administration portal. Customers are recommended to upgrade to GoAnywhere MFT 7.4.1 or higher. 

Who is affected?

Customers using any version of GoAnywhere MFT before version 7.4.1 are vulnerable to CVE-2024-0204. 

What can I do?

GoAnywhere MFT resolved this vulnerability on December 4, 2023, with the release of version 7.4.1. Customers are recommended to download this new version and upgrade their software as soon as possible. For more information, refer to the security advisory.

How is Fortra helping me?

Fortra is actively researching this threat to build detection capabilities in addition to those listed below.

Alert Logic Network IDS: Fortra’s Alert Logic released IDS telemetry on January 24, 2024, to monitor for CVE-2024-0204 exploit activity. 

Alert Logic Vulnerability Scanning: Fortra’s Alert Logic released unauthenticated scan coverage on January 24, 2024. If the vulnerability is found, an exposure (EID: 252285) will be raised for CVE-2024-0204.

Tripwire IP360: Tripwire released unauthenticated scan coverage on January 31, 2024, to identify vulnerable instances. If the vulnerability is found, vulnerability 603028 will match for CVE-2024-0204.

Fortra VM: Fortra VM Network Scanner 4.43.3, released on January 25, 2024, contains a new unauthenticated check for CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass (158480).

Core Impact: A vulnerability checker—Fortra GoAnywhere MFT InitialAccountSetup Direct Request—was delivered to customers on January 25. It validates the presence of CVE-2024-0204 with a score CVSS of 9.8 Critical. For authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1, this module allows an unauthorized user to create an admin user via the administration portal. This exploit was tested on GoAnywhere MFT 7.0.3 running on Windows Server 2019.

Updates

Fortra has kicked off the Emerging Threats process for this vulnerability. This article will be updated with new information about this vulnerability and related security coverage as it becomes available.  

Recent Emerging Threats
:
CrushFTP Authentication Bypass
:
Multiple Vulnerabilities Impacting VMware ESXi, Workstation, and Fusion Updates
:
Multiple Vulnerabilities Impacting rsync
:
Multiple Vulnerabilities Impacting ingress-nginx Controller for Kubernetes
:
FortiOS & FortiProxy: Authentication Bypass in Node.js Websocket Module
Security Alerts in Your Inbox. We will watch for emerging threats; you can watch for our email.