Critical Authentication Bypass Vulnerability in GoAnywhere MFT: Urgent Patch Recommended

January 23, 2024

Fortra is alerting users to a new authentication bypass vulnerability affecting GoAnywhere MFT versions prior to 7.4.1. This vulnerability could enable an attacker to create a new administrative user. GoAnywhere MFT, a tool used globally for secure file transfers with business partners and customers, offers features such as secure encryption protocols, automation, centralized control, and a range of logging and reporting tools useful for legal compliance and auditing.

The flaw, designated CVE-2024-0204, is rated critical, with a CVSS v3.1 score of 9.8. It is remotely exploitable and allows an unauthenticated user to create admin users through the product's administration portal. A successful attack could lead to a complete takeover of the appliance, enabling attackers to access sensitive data, introduce malware, and potentially launch further attacks within the network.

This vulnerability affects Fortra GoAnywhere MFT 6.x from 6.0.1, and Fortra GoAnywhere MFT 7.4.0 and earlier. The issue has been resolved in GoAnywhere MFT 7.4.1, released on December 7, 2023. Fortra strongly recommends that all users install the latest update (currently 7.4.1) to remediate the vulnerability. Fortra's advisory also describes two manual mitigation paths for deployments that cannot be upgraded immediately.

The vulnerability, CVE-2024-0204, was first discovered on December 1, 2023, by Mohammed Eldeeb and Islam Elrfai of Spark Engineering Consultants. Despite the time that has passed since the initial report, Fortra has not clarified whether the vulnerability is being actively exploited. However, now that mitigations and hints about the bug's location are public, it would not be surprising if proof-of-concept exploits appeared soon.

In early 2023, the Clop ransomware gang exploited a critical remote code execution flaw in GoAnywhere MFT, tracked as CVE-2023-0669. That flaw had been exploited as a zero-day since January 18, 2023. Fortra became aware of it on February 3, 2023, and released patches three days later, but by then Clop had already conducted widespread data theft attacks, impacting organizations worldwide and causing data leaks, operational disruptions, and reputational damage. Notable victims of these attacks include Crown Resorts, CHS, Hatch Bank, Rubrik, the City of Toronto, Hitachi Energy, Procter & Gamble, and Saks Fifth Avenue.

Given these circumstances, organizations using Fortra GoAnywhere MFT are advised to apply the available security updates and recommended mitigations as soon as possible, and to closely monitor their logs for any suspicious activity.
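As an added example, not part of this article and not Fortra's own tooling, the following Python snippet shows two defender-side checks a team might script during triage: whether a deployed version falls inside the affected range stated above (6.0.1 through 7.4.0, fixed in 7.4.1), and an audit of the administration portal's accounts against an approved list and the December 1, 2023 discovery date, since the bug's impact is the creation of unexpected admin users. The account records are constructed sample data and the field names (`username`, `created`) are assumptions, not GoAnywhere's real export format.

```python
"""Added example (not from the article or from Fortra): triage helpers
for CVE-2024-0204 exposure in GoAnywhere MFT.

Version boundaries come from the article; the admin-account records are
constructed sample data with assumed field names, not GoAnywhere's real
export format.
"""
from datetime import date

FIRST_AFFECTED = (6, 0, 1)   # 6.x from 6.0.1 is affected (per the advisory)
FIXED_VERSION = (7, 4, 1)    # 7.4.1 contains the fix
DISCOVERY_DATE = date(2023, 12, 1)  # date the flaw was first reported


def parse_version(version: str) -> tuple:
    """Turn '7.4.0' into (7, 4, 0) so tuples compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version: str) -> bool:
    """True when the version lies in the range the advisory calls affected:
    6.0.1 up to and including 7.4.0. Anything from 7.4.1 on is fixed;
    versions below 6.0.1 are outside the stated range and are reported
    as not affected here."""
    ver = parse_version(version)
    return FIRST_AFFECTED <= ver < FIXED_VERSION


# Constructed sample: a dump of administration-portal accounts.
# The 'svc_update' account is the kind of artefact an auth-bypass
# exploit would leave behind: not on the approved list, created recently.
SAMPLE_ADMINS = [
    {"username": "admin", "created": "2021-03-10"},
    {"username": "backup_admin", "created": "2022-07-19"},
    {"username": "svc_update", "created": "2024-01-12"},
]

# Approved administrators, as a team would maintain them out of band.
KNOWN_ADMINS = {"admin", "backup_admin"}


def suspicious_admins(admins, known, since=DISCOVERY_DATE):
    """Return [(username, [reasons])] for accounts that are either absent
    from the approved list or created on/after the discovery date.
    Either condition alone is enough to warrant a look."""
    flagged = []
    for account in admins:
        created = date.fromisoformat(account["created"])
        reasons = []
        if account["username"] not in known:
            reasons.append("not in approved admin list")
        if created >= since:
            reasons.append(f"created {created}, on or after discovery date")
        if reasons:
            flagged.append((account["username"], reasons))
    return flagged


if __name__ == "__main__":
    for v in ("6.0.0", "6.0.1", "7.4.0", "7.4.1"):
        print(f"GoAnywhere MFT {v}: {'AFFECTED' if is_affected(v) else 'not affected'}")
    for user, reasons in suspicious_admins(SAMPLE_ADMINS, KNOWN_ADMINS):
        print(f"review admin account '{user}': {'; '.join(reasons)}")
```

The version check is deliberately strict at both ends so that a 7.4.1 host is never misreported as vulnerable, and the account audit flags on either condition independently: an attacker-created account may well pre-date an organisation's allowlist review, and an approved account may legitimately be created after the discovery date, so both signals are surfaced for a human to resolve.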
