Summary
A Proof of Concept (PoC) is available for the vulnerability CVE-2024-0204 – already fixed by the vendor – present in Fortra GoAnywhere, a secure file transfer software.
By sending URLs containing appropriately crafted patterns, a remote unauthenticated attacker could force the application to serve the initial setup page again, the page intended for creating administrator users, on the affected systems.
Risk
Estimate of the impact of the vulnerability on the reference community: HIGH/ORANGE (72.82/100)¹.
Type
- Authentication Bypass
Affected Products and Versions
- Fortra GoAnywhere MFT 6.x, versions prior to 6.0.1
- Fortra GoAnywhere MFT 7.x, versions prior to 7.4.1
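A small triage helper, added here as an example and not part of the advisory or of Fortra's own tooling, that applies the two affected ranges above to an inventory of version strings and reports the first fixed release each host should move to. The host names and versions in the sample inventory are constructed.

```python
from typing import Dict, List, Optional, Tuple

# First fixed release of each affected branch, as stated in the advisory:
# 6.x before 6.0.1 and 7.x before 7.4.1 are vulnerable to CVE-2024-0204.
FIXED_VERSIONS: Dict[int, Tuple[int, int, int]] = {
    6: (6, 0, 1),
    7: (7, 4, 1),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.4.0' or '7.4' into a comparable tuple of ints, padded to three parts."""
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > 4:
        raise ValueError(f"unrecognised version string: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str) -> Optional[str]:
    """Return the release to upgrade to if `version` is in an affected range, else None.

    Major versions other than 6 and 7 are not covered by the advisory and are
    reported as not affected by this check.
    """
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        return None
    # Only the first three components decide the range; a fourth (build) number is ignored.
    if v[:3] < fixed:
        return ".".join(str(n) for n in fixed)
    return None


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, current version, target version) for every affected host."""
    findings = []
    for host, version in sorted(inventory.items()):
        target = is_affected(version)
        if target is not None:
            findings.append((host, version, target))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = {"mft-prod-01": "7.4.0", "mft-prod-02": "7.4.1", "mft-legacy": "6.0.0"}
    for host, current, target in triage(sample):
        print(f"{host}: {current} is affected, upgrade to {target}")
```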
Mitigation Actions
In line with Apache’s statements, it is recommended to apply the available mitigations following the guidance provided in the security bulletin in the References section.
Unique Vulnerability Identifiers
- CVE-2024-0204
References
https://www.fortra.com/security/advisory/fi-2024-001
¹ This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and the prevalence of the affected software/devices in the reference community.