A critical security flaw has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user.
Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10.
“Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal,” Fortra said in an advisory published on January 22, 2024.
Users who cannot upgrade to version 7.4.1 can apply temporary workarounds. In non-container deployments, delete the InitialAccountSetup.xhtml file in the install directory and restart the services.
For container-deployed instances, replace the file with an empty file and restart.
Mohammed Eldeeb and Islam Elrfai of Cairo-based Spark Engineering Consultants have been credited with discovering and reporting the flaw in December 2023.
Cybersecurity firm Horizon3.ai, which published a proof-of-concept (PoC) exploit for CVE-2024-0204, said the issue is the result of a path traversal weakness in the “/InitialAccountSetup.xhtml” endpoint that could be exploited to create administrative users.
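Because the weakness is reached by traversing to the account-setup page rather than by requesting it directly, a web-server access log is one place to hunt for attempts. The script below is an added example written for this article, not Horizon3.ai’s PoC and not code from Fortra. It normalizes each request path the way a servlet container would resolve it (an assumption: percent-decoding, `..` segments and `;`-style path parameters), then flags any request that resolves to InitialAccountSetup.xhtml, marking those that needed normalization as traversal-style evasion. The log lines, the `/goanywhere/` context path and the `/wizard/` prefix are constructed for the example and do not describe a real deployment.

```python
import re
from urllib.parse import unquote

# Page the advisory and Horizon3.ai name as the vulnerable endpoint.
SETUP_PAGE = "InitialAccountSetup.xhtml"

# Constructed sample access log (Combined Log Format style). The context path
# "/goanywhere/" and "/wizard/" prefix are assumptions made for the example.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Jan/2024:10:01:02 +0000] "GET /goanywhere/auth/Login.xhtml HTTP/1.1" 200 5120
203.0.113.7 - - [22/Jan/2024:10:03:44 +0000] "POST /goanywhere/images/..;/wizard/InitialAccountSetup.xhtml HTTP/1.1" 302 0
203.0.113.7 - - [22/Jan/2024:10:03:50 +0000] "GET /goanywhere/images/%2e%2e/wizard/InitialAccountSetup.xhtml HTTP/1.1" 200 3301
10.0.0.9 - - [22/Jan/2024:10:07:13 +0000] "GET /goanywhere/wizard/InitialAccountSetup.xhtml HTTP/1.1" 200 3301
10.0.0.5 - - [22/Jan/2024:10:09:31 +0000] "GET /goanywhere/admin/Users.xhtml?tab=admins HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_path(raw_target: str) -> str:
    """Resolve a request target to the path a servlet container would serve.

    Assumed container behaviour: percent-decoding (applied twice to catch
    double encoding), path parameters after ';' dropped per segment, and
    '.' / '..' segments collapsed. Query strings are ignored.
    """
    path = raw_target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    segments = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]  # "..;" becomes ".."
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def scan_access_log(lines):
    """Return one finding per request that resolves to the setup page.

    Any hit after initial setup is worth a look; 'evasive' is True when the
    raw path differed from its normalized form, i.e. traversal or encoding
    was used to reach the page.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        raw_path = m.group("target").split("?", 1)[0]
        norm = normalize_path(raw_path)
        if norm.rsplit("/", 1)[-1].lower() != SETUP_PAGE.lower():
            continue
        findings.append({
            "ip": m.group("ip"),
            "timestamp": m.group("ts"),
            "method": m.group("method"),
            "status": m.group("status"),
            "raw_path": raw_path,
            "normalized_path": norm,
            "evasive": norm != raw_path,
        })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG.splitlines()):
        tag = "TRAVERSAL" if f["evasive"] else "DIRECT"
        print(f"{tag:9} {f['ip']:15} {f['timestamp']} {f['method']} {f['raw_path']} -> {f['status']}")
```

A direct hit on the setup page is reported too, since after initial setup that page should not be in use at all; the evasive flag just separates the traversal attempts from the plain requests when triaging.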
“The easiest indicator of compromise that can be analyzed is for any new additions to the Admin Users group in the GoAnywhere administrator portal Users -> Admin Users section,” Horizon3.ai security researcher Zach Hanley said.
“If the attacker has left this user here you may be able to observe its last logon activity here to gauge an approximate date of compromise.”
While there is no evidence of active exploitation of CVE-2024-0204 in the wild, another flaw in the same product (CVE-2023-0669, CVSS score: 7.2) was abused by the Cl0p ransomware group to breach nearly 130 victims last year.
Some parts of this article are sourced from:
thehackernews.com