Fortra GoAnywhere File Transfer has a new critical vulnerability
Take action: Given how many companies were breached through the earlier GoAnywhere and MOVEit MFT vulnerabilities, treat this as an emergency patch. Upgrade to 7.4.1 now. If you cannot patch immediately, delete the InitialAccountSetup.xhtml file in the install directory and restart the services, then patch as soon as you can.
Learn More
Fortra has issued a critical warning about a newly discovered authentication bypass vulnerability in GoAnywhere MFT (Managed File Transfer), which enables unauthenticated attackers to create new administrative users.
GoAnywhere MFT is widely used for secure file transfers and provides encryption, workflow automation, and compliance reporting. The vulnerability, tracked as CVE-2024-0204 (CVSS 9.8), affects GoAnywhere MFT 6.x from 6.0.1 onward and 7.x up to and including 7.4.0.
A quick Shodan search turns up more than 1,800 internet-exposed GoAnywhere MFT instances, each a candidate for exploitation.
The fix shipped in the 7.4.1 release on December 7, 2023, but Fortra's advisory was only published on January 22, 2024, which is why many installs are still behind. Fortra has not confirmed active exploitation, and none had been publicly reported at the time of writing; with a public proof of concept now available, expect that to change quickly.
Horizon3.ai researchers have published a detailed writeup and a proof-of-concept exploit on GitHub.
Fortra recommends upgrading immediately. Where that is not possible, the vulnerability can be eliminated by deleting the InitialAccountSetup.xhtml file in the install directory and restarting the services; for container deployments, replace the file with an empty file instead of deleting it, then restart. Treat the file removal as a stopgap only, and confirm it survives any redeploy or upgrade until you are on 7.4.1.
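The following is an added triage helper for the affected-version range and the workaround described above; it is example code written for this page, not Fortra's or Horizon3.ai's. It assumes you already have a version string as reported by each install (e.g. "7.4.0") and its install directory; the host inventory and directory layout it builds in demo() are constructed for illustration, and the on-disk location of InitialAccountSetup.xhtml is not stated on this page, so the check searches the install directory recursively.

```python
"""Triage helper for CVE-2024-0204 (GoAnywhere MFT authentication bypass).

Added example, not Fortra's code. A host is PATCHED if its version is outside
the advisory's affected range, MITIGATED if the setup file has been removed
(or emptied, the container variant of the workaround), otherwise VULNERABLE.
"""
import tempfile
from pathlib import Path
from typing import Dict, Tuple

WORKAROUND_FILE = "InitialAccountSetup.xhtml"  # file named in Fortra's advisory
FIXED_VERSION = (7, 4, 1)                      # first fixed 7.x release


def parse_version(version: str) -> Tuple[int, ...]:
    """'7.4.0' -> (7, 4, 0). Numeric compare, so 7.10.0 sorts after 7.4.1
    (a plain string compare would get that wrong)."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # pad "7.4" -> (7, 4, 0)


def is_vulnerable_version(version: str) -> bool:
    """True for 6.x from 6.0.1 onward and 7.x up to and including 7.4.0."""
    v = parse_version(version)
    if v[0] == 6:
        return v >= (6, 0, 1)
    if v[0] == 7:
        return v < FIXED_VERSION
    return False  # other majors are outside the range the advisory lists


def workaround_applied(install_dir: Path) -> bool:
    """Advisory workaround: file deleted (non-container) or replaced by an
    empty file (container deployments). Searched recursively because the
    exact location under the install directory is an assumption here."""
    matches = list(install_dir.rglob(WORKAROUND_FILE))
    return all(p.stat().st_size == 0 for p in matches)  # no matches -> True


def triage(version: str, install_dir: Path) -> str:
    """Verdict for one host: PATCHED, MITIGATED or VULNERABLE."""
    if not is_vulnerable_version(version):
        return "PATCHED"
    if workaround_applied(install_dir):
        return "MITIGATED"  # still schedule the upgrade to 7.4.1
    return "VULNERABLE"


def demo() -> Dict[str, str]:
    """Constructed inventory of three hosts in a temp dir (not real data)."""
    root = Path(tempfile.mkdtemp())
    hosts = {
        "mft-old": ("7.4.0", root / "old"),      # file present  -> VULNERABLE
        "mft-wa": ("6.8.3", root / "wa"),        # file removed  -> MITIGATED
        "mft-fixed": ("7.4.1", root / "fixed"),  # fixed release -> PATCHED
    }
    for _, d in hosts.values():
        (d / "adminroot").mkdir(parents=True)    # hypothetical layout
    (hosts["mft-old"][1] / "adminroot" / WORKAROUND_FILE).write_text("<html/>")
    (hosts["mft-fixed"][1] / "adminroot" / WORKAROUND_FILE).write_text("<html/>")
    return {name: triage(v, d) for name, (v, d) in hosts.items()}


if __name__ == "__main__":
    for host, verdict in demo().items():
        print(f"{host}: {verdict}")
```

A MITIGATED verdict means the setup page is gone but the vulnerable code is still installed, so keep those hosts on the upgrade list and re-run the check after any redeploy.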
This warning follows the 2023 campaign in which the Clop ransomware gang exploited a different GoAnywhere MFT vulnerability (CVE-2023-0669) to breach more than 130 organizations, causing significant harm including data leaks and operational disruption.