Fortra’s Alert Logic is researching an authentication bypass vulnerability in GoAnywhere MFT (CVE-2024-0204). By exploiting this vulnerability, an unauthorized user can create an admin user via the administration portal. Customers are advised to upgrade to GoAnywhere MFT 7.4.1 or higher.
Who is affected?
Customers using any version of GoAnywhere MFT before version 7.4.1 are vulnerable to CVE-2024-0204.
What can I do?
GoAnywhere MFT resolved this vulnerability on December 4, 2023, with the release of version 7.4.1. Customers are advised to download this new version and upgrade their software as soon as possible. For more information, refer to the security advisory.
How is Alert Logic helping me?
Network IDS: Alert Logic released IDS telemetry on January 24, 2024, to monitor for CVE-2024-0204 exploit activity.
Vulnerability Scanning: Alert Logic released unauthenticated scan coverage on January 24, 2024. If the vulnerability is found, an exposure (EID: 252285) will be raised for CVE-2024-0204.
Updates
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available.