Article Details
Scrape Timestamp (UTC): 2024-01-24 05:41:05.784
Source: https://thehackernews.com/2024/01/patch-your-goanywhere-mft-immediately.html
Original Article Text
Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10.

"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal," Fortra said in an advisory released on January 22, 2024.

Users who cannot upgrade to version 7.4.1 can apply temporary workarounds in non-container deployments by deleting the InitialAccountSetup.xhtml file in the install directory and restarting the services. For container-deployed instances, it's recommended to replace the file with an empty file and restart.

Mohammed Eldeeb and Islam Elrfai of Cairo-based Spark Engineering Consultants have been credited with discovering and reporting the flaw in December 2023.

Cybersecurity firm Horizon3.ai, which published a proof-of-concept (PoC) exploit for CVE-2024-0204, said the issue is the result of a path traversal weakness in the "/InitialAccountSetup.xhtml" endpoint that could be exploited to create administrative users.

"The easiest indicator of compromise that can be analyzed is for any new additions to the Admin Users group in the GoAnywhere administrator portal Users -> Admin Users section," Horizon3.ai security researcher Zach Hanley said. "If the attacker has left this user here you may be able to observe its last logon activity here to gauge an approximate date of compromise."

While there is no evidence of active exploitation of CVE-2024-0204 in the wild, another flaw in the same product (CVE-2023-0669, CVSS score: 7.2) was abused by the Cl0p ransomware group to breach nearly 130 victims last year.
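The version check and interim workaround described above, as an added example written for this page rather than Fortra's own tooling. It assumes the InitialAccountSetup.xhtml file sits directly under the install directory you pass in, and it leaves the service restart (site-specific) to the operator.

```shell
#!/bin/sh
# Added example (not Fortra's tooling): helpers to assess exposure to
# CVE-2024-0204 and apply the advisory's interim workaround where an
# upgrade to 7.4.1 is not yet possible.
# Assumptions: InitialAccountSetup.xhtml lives directly in the install
# directory given as $1; restarting the services is left to the operator.

# True (exit 0) when a GoAnywhere MFT version string is prior to 7.4.1.
# Missing components (e.g. "7.4") are treated as zero.
goanywhere_vulnerable() {
    [ -n "$1" ] || return 2
    old_ifs=$IFS; IFS=.
    set -- $1                       # split "7.4.0" into 7 4 0
    IFS=$old_ifs
    n=$(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} ))
    [ "$n" -lt 70401 ]
}

# Apply the interim workaround. $1 = install dir, $2 = "host" (non-container:
# delete the file) or "container" (replace it with an empty file).
goanywhere_workaround() {
    f="$1/InitialAccountSetup.xhtml"
    if [ ! -e "$f" ]; then
        echo "nothing to do: $f not present"
        return 0
    fi
    case "$2" in
        host)      rm -f "$f" ;;
        container) : > "$f" ;;
        *) echo "usage: goanywhere_workaround <install_dir> host|container" >&2
           return 2 ;;
    esac
    echo "workaround applied to $f; restart the GoAnywhere services now"
}

# Verification: exit 0 when the file is absent or empty, i.e. the
# workaround (or a clean 7.4.1 install) leaves nothing to serve.
goanywhere_workaround_applied() {
    f="$1/InitialAccountSetup.xhtml"
    [ ! -e "$f" ] || [ ! -s "$f" ]
}
```

Run the version check against the version shown in the admin portal; a "true" result plus a failing `goanywhere_workaround_applied` means the instance still needs either the upgrade or the workaround.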
Daily Brief Summary
A critical security flaw (CVE-2024-0204) with a 9.8 CVSS score was found in Fortra's GoAnywhere MFT software, allowing unauthorized creation of admin users.
Fortra issued an advisory on January 22, 2024, providing guidance for users who cannot immediately upgrade to the patched version 7.4.1.
Workarounds involve deleting or replacing the InitialAccountSetup.xhtml file in the software's install directory, depending on the type of deployment.
The vulnerability was identified by researchers Mohammed Eldeeb and Islam Elrfai and was caused by a path traversal weakness.
Cybersecurity firm Horizon3.ai released a proof-of-concept (PoC) exploit and explained how to detect compromises by checking for new admin users in the GoAnywhere administrator portal.
So far, there is no evidence of active exploitation of this particular vulnerability; however, another flaw (CVE-2023-0669) in GoAnywhere MFT was previously leveraged by the Cl0p ransomware group.