Unauthorized Access to Admin User Accounts via Administration Portal

CVE-2024-0204

9.8 CRITICAL

Key Information

Vendor
Fortra
Product
GoAnywhere MFT
CVE Published:
22 January 2024

Badges

📈 Trended | 📈 Score: 12,300 | 👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 40% | 📰 News Worthy

What is CVE-2024-0204?

CVE-2024-0204 is a critical (CVSS 9.8) authentication bypass in Fortra's GoAnywhere MFT, a managed file transfer product widely used for secure data exchange and compliance. The flaw lets a remote, unauthenticated attacker bypass authentication in the administration portal and create a new administrator account. Because an admin account gives full control over users, configuration and the files the instance handles, the vulnerability exposes sensitive data and hands an attacker control of a system that typically sits on the perimeter.

Technical Details

The vulnerability is an authentication bypass in GoAnywhere MFT versions prior to 7.4.1. A remote, unauthenticated attacker can reach the administration portal's account-creation function without logging in and create a new administrator account, after which the attacker can manipulate user accounts and system configuration at will. Fortra fixed the issue in 7.4.1. For installations that cannot upgrade immediately, Fortra's advisory describes a workaround: delete the InitialAccountSetup.xhtml file from the installation directory (on container deployments, replace it with an empty file) and restart the services. Because exploitation leaves a new account behind, reviewing the admin user list for accounts you did not create is the quickest indicator of compromise.

Impact of the Vulnerability

  1. Unauthorized Access and Control: Attackers can create admin accounts, granting them elevated privileges and unrestricted access to the entire system, potentially leading to unauthorized data manipulation.

  2. Data Breach Risks: With access to admin functionalities, attackers can exfiltrate sensitive data, resulting in potential data breaches and loss of confidentiality for the organization.

  3. Compliance Violations: Organizations that rely on GoAnywhere MFT for regulatory compliance could face severe repercussions due to unauthorized access or data exposure, potentially leading to legal consequences and loss of stakeholder trust.

Affected Version(s)

GoAnywhere MFT 6.x from 6.0.1, and 7.x before 7.4.1 (fixed in 7.4.1)
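The two checks a responder wants from the Technical Details and Affected Version(s) sections above, as an added example (this is not Fortra's code and not code from the original page): a version test against the affected range, and a scan of web-server access logs for requests that reach the first-run setup page, InitialAccountSetup.xhtml, which Fortra's workaround tells you to remove. Assumptions: the log lines are in Apache/Tomcat combined log format, the sample lines are constructed for the example, and the path-trick regex is a generic check for dot-segment and ";" parameter tricks rather than a signature taken from any particular PoC.

```python
"""Added example for CVE-2024-0204 triage (not Fortra's code).

  1. is_vulnerable(version): is an installed GoAnywhere MFT build inside
     the affected range Fortra lists (6.0.1 through 7.4.0, fixed in 7.4.1)?
  2. find_setup_requests(lines): which access-log requests reached
     InitialAccountSetup.xhtml? A configured instance should never serve
     that page, so any hit after initial setup means: review admin users.

Assumed log format: Apache/Tomcat combined log format. Sample log lines
below are constructed for this example, not real traffic.
"""
import re
from typing import Dict, Iterable, List

FIRST_AFFECTED = (6, 0, 1)   # oldest build in the advisory's affected range
FIXED_VERSION = (7, 4, 1)    # first build containing the fix
SETUP_PAGE = "InitialAccountSetup.xhtml"

# Combined log format: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Generic path-normalisation tricks (dot segments, ";" path parameters)
# that can make a servlet path look different to a front-end filter than
# it does to the servlet container. Flagged for the analyst, not proof.
TRAVERSAL_RE = re.compile(r'(\.\./|\.\.;|/;)')


def parse_version(text: str) -> tuple:
    """'7.4.0 build 123' -> (7, 4, 0); missing components pad with 0."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def is_vulnerable(version: str) -> bool:
    """True when 6.0.1 <= version < 7.4.1 (the range Fortra names)."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED_VERSION


def find_setup_requests(lines: Iterable[str]) -> List[Dict]:
    """Return every parsed request whose path names the setup page."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = m.group("path")
        if SETUP_PAGE.lower() not in path.lower():
            continue
        method, status = m.group("method"), int(m.group("status"))
        hits.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "method": method,
            "path": path,
            "status": status,
            # A POST answered with a redirect is what a completed
            # account-creation form submission looks like.
            "form_submitted": method == "POST" and 300 <= status < 400,
            "path_trick": bool(TRAVERSAL_RE.search(path)),
        })
    return hits


def suspicious_sources(hits: List[Dict]) -> List[str]:
    """Client IPs that reached the setup page, for blocking and pivoting."""
    return sorted({h["ip"] for h in hits})


# Constructed sample log: one client reaches the setup page through a
# dot-segment path and submits the form; a second client only ever uses
# the normal login page; the last line is junk the parser must tolerate.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jan/2024:10:14:03 +0000] "GET /goanywhere/auth/Login.xhtml HTTP/1.1" 200 5120
203.0.113.7 - - [22/Jan/2024:10:14:09 +0000] "GET /goanywhere/images/..;/wizard/InitialAccountSetup.xhtml HTTP/1.1" 200 8801
203.0.113.7 - - [22/Jan/2024:10:14:31 +0000] "POST /goanywhere/images/..;/wizard/InitialAccountSetup.xhtml HTTP/1.1" 302 0
198.51.100.4 - - [22/Jan/2024:10:15:00 +0000] "GET /goanywhere/auth/Login.xhtml HTTP/1.1" 200 5120
garbage line that is not an access-log entry
""".splitlines()

if __name__ == "__main__":
    for v in ("6.0.0", "6.0.1", "7.3.0", "7.4.0", "7.4.1"):
        print(f"{v:>6}: {'VULNERABLE' if is_vulnerable(v) else 'not affected'}")
    hits = find_setup_requests(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("review the admin user list; sources to block:", suspicious_sources(hits))
```

A hit with form_submitted set is the strongest signal that an account was actually created; a GET alone may be a scanner. Either way the next step is the admin user list on the appliance, since the log only shows that the page was reached, not what was typed into it.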

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which in the case of an internet-facing file transfer product can lead to data theft and ransomware.

News Articles

Patch now! Fortra GoAnywhere MFT vulnerability exploit available | Malwarebytes

A new vulnerability in Fortra GoAnywhere MFT now has exploit code available that allows an attacker to create a new admin user.

11 months ago

Exploit Code Released For Fortra GoAnywhere MFT Flaw

The flaw (CVE-2024-0204) could enable remote, unauthenticated attackers to bypass authentication in order to create new users.

11 months ago


EPSS Score

40% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • 🟡 Public PoC available

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 📰 First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability reserved

Collectors

NVD Database | MITRE Database | 3 Proof of Concept(s) | 15 News Article(s)

Credit

Mohammed Eldeeb & Islam Elrfai, Spark Engineering Consultants