A crucial safety flaw has been disclosed in Fortra’s GoAnywhere Managed File Switch (MFT) software program that may very well be abused to create a brand new administrator consumer.
Tracked as CVE-2024-0204, the problem carries a CVSS rating of 9.8 out of 10.
“Authentication bypass in Fortra’s GoAnywhere MFT previous to 7.4.1 permits an unauthorized consumer to create an admin consumer through the administration portal,” Fortra stated in an advisory launched on January 22, 2024.
Customers who can not improve to model 7.4.1 can apply short-term workarounds in non-container deployments by deleting the InitialAccountSetup.xhtml file within the set up listing and restarting the companies.
For container-deployed cases, it is really useful to interchange the file with an empty file and restart.
Mohammed Eldeeb and Islam Elrfai of Cairo-based Spark Engineering Consultants have been credited with discovering and reporting the flaw in December 2023.
Cybersecurity agency Horizon3.ai, which printed a proof-of-concept (PoC) exploit for CVE-2024-0204, stated the problem is the results of a path traversal weak point within the “/InitialAccountSetup.xhtml” endpoint that may very well be exploited to create administrative customers.
“The best indicator of compromise that may be analyzed is for any new additions to the Admin Customers group within the GoAnywhere administrator portal Customers -> Admin Customers part,” Horizon3.ai safety researcher Zach Hanley stated.
“If the attacker has left this consumer right here you could possibly observe its final logon exercise right here to gauge an approximate date of compromise.”
Whereas there is no such thing as a proof of energetic exploitation of CVE-2024-0204 within the wild, one other flaw in the identical product (CVE-2023-0669, CVSS rating: 7.2) was abused by the Cl0p ransomware group to breach almost 130 victims final yr.
