Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin

Avatar
A critical security flaw has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. “Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal,” Fortra&

A critical security flaw has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user.

Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10.

“Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal,” Fortra said in an advisory released on January 22, 2024.

Users who cannot upgrade to version 7.4.1 can apply temporary workarounds in non-container deployments by deleting the InitialAccountSetup.xhtml file in the install directory and restarting the services.

For container-deployed instances, it’s recommended to replace the file with an empty file and restart.

Mohammed Eldeeb and Islam Elrfai of Cairo-based Spark Engineering Consultants have been credited with discovering and reporting the flaw in December 2023.

Cybersecurity firm Horizon3.ai, which published a proof-of-concept (PoC) exploit for CVE-2024-0204, said the issue is the result of a path traversal weakness in the “/InitialAccountSetup.xhtml” endpoint that could be exploited to create administrative users.

“The easiest indicator of compromise that can be analyzed is for any new additions to the Admin Users group in the GoAnywhere administrator portal Users -> Admin Users section,” Horizon3.ai security researcher Zach Hanley said.

“If the attacker has left this user here you may be able to observe its last logon activity here to gauge an approximate date of compromise.”

While there is no evidence of active exploitation of CVE-2024-0204 in the wild, another flaw in the same product (CVE-2023-0669, CVSS score: 7.2) was abused by the Cl0p ransomware group to breach nearly 130 victims last year.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now

Next Post

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Related Posts

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware

A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused
Omega Balla
Read More