CVE-2024-0204

Published: 22/01/2024 Updated: 02/02/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Authentication bypass in Fortra's GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

Vulnerable Product

fortra goanywhere managed file transfer 6.0.0

fortra goanywhere managed file transfer

Vendor Advisories

LTC-120 is being updated in the LTC (Long Term Support Candidate) channel, version 12006099301 (Platform Version: 15662960), for most ChromeOS devices. Release notes for LTC-120 can be found here. Want to know more about Long-term Support? Click here. This update contains selective Security fixes, including: ChromeOS Vulnerabi ...
Check Point Reference: CPAI-2024-0018 Date Published: 24 Jan 2024 Severity: Critical ...

Exploits

This Metasploit module exploits a vulnerability in Fortra GoAnywhere MFT that allows an unauthenticated attacker to create a new administrator account. This can be leveraged to upload a JSP payload and achieve RCE. GoAnywhere MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are vulnerable ...

Github Repositories

GoAnywhere MFT

CVE-2024-0204: Authentication Bypass in GoAnywhere MFT. Script to create a new admin user in GoAnywhere MFT. Usage: Password must be at least 8 characters long to meet GoAnywhere MFT complexity requirements. % python3 CVE-2024-0204.py -h usage: CVE-2024-0204 GoAnywhere Authentication Bypass [-h] endpoint username

Authentication Bypass in GoAnywhere MFT

CVE-2024-0204: Authentication Bypass in GoAnywhere MFT. Script to create a new admin user in GoAnywhere MFT. Blog Post: More details here: www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive. Usage: Password must be at least 8 characters long to meet GoAnywhere MFT complexity requirements. % python3 CVE-2024-0204.py -h usage: CVE-2024-0204 Go

This script exploits the CVE-2024-0204 vulnerability in Fortra GoAnywhere MFT, allowing the creation of unauthorized administrative users, for educational and authorized testing purposes.

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive. This repository contains a proof-of-concept exploit for the authentication bypass vulnerability (CVE-2024-0204) discovered in Fortra's GoAnywhere MFT product. The vulnerability allows an unauthenticated attacker to create an administrative user for the application. Description: On December 4, 2023, an inte

Recent Articles

Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug
The Register

Ancient path traversal exploit offers remote attackers admin access

Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago. Customers were first advised by Fortra on the mitigations for the critical authentication bypass hole in December, and it wasn't publicly revealed for more than a month. Researchers from Horizon3 used the clues left behind in Fortra's public advisory, published on January 22, to develop a working exploit and demonstrate how n...