
Fortra GoAnywhere Patch Now: Flaw lets anyone be admin

Brandon Lee
(@brandon-lee)
 

Fortra has recently identified a severe security vulnerability in its GoAnywhere Managed File Transfer (MFT) software. This vulnerability, designated as CVE-2024-0204, is of high concern with a CVSS score of 9.8 out of 10, indicating its critical nature.

The security flaw allows for an authentication bypass in versions of GoAnywhere MFT earlier than 7.4.1. Exploiting this vulnerability, an unauthorized individual could create a new administrator account through the administration portal. Fortra released this information in a security advisory on January 22, 2024.

For users unable to update to version 7.4.1 immediately, Fortra recommends certain temporary measures. In non-containerized deployments, one can mitigate the risk by deleting the InitialAccountSetup.xhtml file found in the installation directory and then restarting the associated services.

In instances where GoAnywhere MFT is deployed in containers, the suggested workaround is to replace the InitialAccountSetup.xhtml file with an empty file and subsequently restart the system. These steps are critical interim solutions to safeguard the system against potential unauthorized administrative access.

https://thehackernews.com/2024/01/patch-your-goanywhere-mft-immediately.html

 
Posted : 24/01/2024 11:06 am
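
A defender-side check for the interim workaround described in the post, as an added example that is not part of the original post or Fortra's advisory: it reports whether InitialAccountSetup.xhtml under a given install directory still has content, has been emptied, or has been removed, and compares a supplied version against 7.4.1. The install directory argument, the version string input and the function names are assumptions; the demo tree is constructed.

```shell
#!/bin/sh
# Added example: audit for the CVE-2024-0204 interim workaround.
# Install directory and version string are supplied by the caller (assumptions).

# version_lt A B: true when dotted version A is numerically lower than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# workaround_state DIR: classify InitialAccountSetup.xhtml anywhere under DIR.
#   present = a copy with content exists (workaround not applied)
#   emptied = only zero-byte copies exist (container workaround)
#   removed = no copy exists (non-container workaround)
#   nodir   = DIR does not exist, so nothing can be concluded
workaround_state() {
    name=InitialAccountSetup.xhtml
    [ -d "$1" ] || { echo nodir; return 0; }
    if [ -n "$(find "$1" -type f -name "$name" -size +0c 2>/dev/null | head -n 1)" ]; then
        echo present
    elif [ -n "$(find "$1" -type f -name "$name" 2>/dev/null | head -n 1)" ]; then
        echo emptied
    else
        echo removed
    fi
}

# audit_install DIR VERSION: one-line verdict combining version and file state.
audit_install() {
    state=$(workaround_state "$1")
    [ "$state" = nodir ] && { echo "ERROR: $1 is not a directory"; return 0; }
    if ! version_lt "$2" 7.4.1; then
        echo "OK: version $2 is patched (file state: $state)"
    elif [ "$state" = present ]; then
        echo "EXPOSED: version $2 < 7.4.1 and InitialAccountSetup.xhtml has content"
    else
        echo "MITIGATED: version $2 < 7.4.1, file $state; confirm services were restarted"
    fi
}

# Constructed demo tree (not the product's real directory layout).
demo=$(mktemp -d)
mkdir -p "$demo/a/web" "$demo/b/web" "$demo/c/web"
echo '<html/>' > "$demo/a/web/InitialAccountSetup.xhtml"   # untouched install
: > "$demo/b/web/InitialAccountSetup.xhtml"                # container workaround
for d in a b c; do audit_install "$demo/$d" 7.4.0; done
audit_install "$demo/a" 7.4.1
rm -rf "$demo"
```

The file check only shows the state on disk; the workaround takes effect after the restart the post mentions, which this script cannot confirm.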