A important security flaw has been disclosed in Fortra’s GoAnywhere Managed File Switch (MFT) software program that could possibly be abused to create a brand new administrator person.
Tracked as CVE-2024-0204, the difficulty carries a CVSS rating of 9.8 out of 10.
“Authentication bypass in Fortra’s GoAnywhere MFT previous to 7.4.1 permits an unauthorized person to create an admin person by way of the administration portal,” Fortra stated in an advisory launched on January 22, 2024.
Customers who can’t improve to model 7.4.1 can apply short-term workarounds in non-container deployments by deleting the InitialAccountSetup.xhtml file within the set up listing and restarting the providers.
For container-deployed cases, it is really helpful to interchange the file with an empty file and restart.
Mohammed Eldeeb and Islam Elrfai of Cairo-based Spark Engineering Consultants have been credited with discovering and reporting the flaw in December 2023.
Cybersecurity agency Horizon3.ai, which printed a proof-of-concept (PoC) exploit for CVE-2024-0204, stated the difficulty is the results of a path traversal weak spot within the “/InitialAccountSetup.xhtml” endpoint that could possibly be exploited to create administrative customers.
“The simplest indicator of compromise that may be analyzed is for any new additions to the Admin Customers group within the GoAnywhere administrator portal Customers -> Admin Customers part,” Horizon3.ai security researcher Zach Hanley stated.
“If the attacker has left this person right here you might be able to observe its final logon exercise right here to gauge an approximate date of compromise.”
Whereas there is no such thing as a proof of energetic exploitation of CVE-2024-0204 within the wild, one other flaw in the identical product (CVE-2023-0669, CVSS rating: 7.2) was abused by the Cl0p ransomware group to breach practically 130 victims final 12 months.
