A critical security flaw has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user.
Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10.
“Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal,” Fortra said in an advisory released on January 22, 2024.
Users who cannot upgrade to version 7.4.1 can apply temporary workarounds in non-container deployments by deleting the InitialAccountSetup.xhtml file in the installation directory and restarting the services.
For container-deployed instances, it is recommended to replace the file with an empty file and restart.
Mohammed Eldeeb and Islam Elrfai of Cairo-based Spark Engineering Consultants have been credited with discovering and reporting the flaw in December 2023.
Cybersecurity firm Horizon3.ai, which published a proof-of-concept (PoC) exploit for CVE-2024-0204, said the issue is the result of a path traversal weakness in the “/InitialAccountSetup.xhtml” endpoint that could be exploited to create administrative users.
“The easiest indicator of compromise that can be analyzed is for any new additions to the Admin Users group in the GoAnywhere administrator portal Users -> Admin Users section,” Horizon3.ai security researcher Zach Hanley said.
“If the attacker has left this user here you may be able to observe its last logon activity here to gauge an approximate date of compromise.”
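The advisory’s version boundary and workaround, and the indicator of compromise Hanley describes, can all be turned into routine checks. The script below is an added example written for this article; it is not Fortra’s or Horizon3.ai’s code. It assumes a constructed CSV export of the Admin Users list with the columns `username,created,last_logon` (GoAnywhere’s real export format is not described here) and takes the installation directory as an argument; the sample rows are constructed for illustration.

```python
"""Defender-side checks for CVE-2024-0204 (GoAnywhere MFT): added example.

Assumptions not taken from the advisory or the Horizon3.ai write-up:
  - the Admin Users list is available as CSV with columns
    username,created,last_logon (constructed format for this example);
  - install_dir is the GoAnywhere installation directory.
"""
from __future__ import annotations

import csv
import io
import os
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

FIXED_VERSION = (7, 4, 1)                       # advisory: fixed in 7.4.1
WORKAROUND_FILE = "InitialAccountSetup.xhtml"   # file named in the advisory workaround


def parse_version(text: str) -> tuple:
    """'7.4.0' -> (7, 4, 0), so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in text.strip().split("."))


def is_vulnerable_version(version: str) -> bool:
    """Affected: every release prior to 7.4.1."""
    return parse_version(version) < FIXED_VERSION


def classify_workaround(file_present: bool, size_bytes: int, containerized: bool) -> str:
    """Pure decision logic for the temporary workaround, one rule per deployment type.

    Non-container: the file should be deleted.
    Container: the file should still exist, but be empty.
    """
    if not containerized:
        return "unmitigated" if file_present else "mitigated"
    if not file_present:
        return "unexpected"  # container guidance is an empty file, not a missing one
    return "mitigated" if size_bytes == 0 else "unmitigated"


def workaround_state(install_dir: str, containerized: bool) -> str:
    """Inspect the real installation directory and classify it."""
    path = os.path.join(install_dir, WORKAROUND_FILE)
    present = os.path.isfile(path)
    size = os.path.getsize(path) if present else 0
    return classify_workaround(present, size, containerized)


@dataclass(frozen=True)
class AdminUser:
    username: str
    created: datetime
    last_logon: Optional[datetime]


def _parse_ts(value: str) -> Optional[datetime]:
    value = value.strip()
    return datetime.fromisoformat(value) if value else None


def parse_admin_users(csv_text: str) -> List[AdminUser]:
    reader = csv.DictReader(io.StringIO(csv_text.strip()))
    return [
        AdminUser(row["username"].strip(), datetime.fromisoformat(row["created"].strip()),
                  _parse_ts(row["last_logon"]))
        for row in reader
    ]


def new_admin_users(baseline_csv: str, current_csv: str) -> List[AdminUser]:
    """Admin accounts present now but absent from a known-good baseline, oldest first."""
    known = {u.username for u in parse_admin_users(baseline_csv)}
    added = [u for u in parse_admin_users(current_csv) if u.username not in known]
    return sorted(added, key=lambda u: u.created)


def approximate_compromise_date(added: List[AdminUser]) -> Optional[datetime]:
    """Earliest creation or last-logon timestamp among unexpected admins (per Hanley's hint)."""
    stamps = [u.created for u in added] + [u.last_logon for u in added if u.last_logon]
    return min(stamps) if stamps else None


# Constructed sample exports: a baseline taken before the advisory and a current one.
BASELINE_CSV = """username,created,last_logon
admin,2022-03-01T09:00:00,2024-01-19T08:12:00
mft-ops,2023-06-14T13:30:00,2024-01-18T17:45:00
"""

CURRENT_CSV = """username,created,last_logon
admin,2022-03-01T09:00:00,2024-01-22T08:05:00
mft-ops,2023-06-14T13:30:00,2024-01-22T07:50:00
sysadmin2,2024-01-20T02:14:00,2024-01-21T03:40:00
"""

if __name__ == "__main__":
    print("7.4.0 vulnerable:", is_vulnerable_version("7.4.0"))
    added = new_admin_users(BASELINE_CSV, CURRENT_CSV)
    for u in added:
        print(f"unexpected admin {u.username}: created {u.created}, last logon {u.last_logon}")
    print("approximate compromise date:", approximate_compromise_date(added))
    print("workaround:", workaround_state("/opt/goanywhere", containerized=False))  # path is a placeholder
```

The baseline diff is deliberately keyed on usernames rather than on counts: an attacker who creates one account and removes another would leave the group size unchanged. The decision logic is kept separate from the filesystem call so the classifier can be exercised without a real installation.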
While there is no evidence of active exploitation of CVE-2024-0204 in the wild, another flaw in the same product (CVE-2023-0669, CVSS score: 7.2) was abused by the Cl0p ransomware group to breach nearly 130 victims last year.