Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-0204
CVE-2024-0204:
GoAnywhere MFT vulnerability analysis and mitigation
Overview
CVE-2024-0204 is a critical authentication bypass vulnerability affecting Fortra's GoAnywhere MFT versions prior to 7.4.1. The vulnerability was discovered by Mohammed Eldeeb and Islam Elrfai from Spark Engineering Consultants and was publicly disclosed on January 22, 2024, although it had been patched earlier on December 7, 2023. The vulnerability affects GoAnywhere MFT versions 6.x from 6.0.1 and 7.x before 7.4.1 (Fortra Advisory, Rapid7 Blog).
Technical details
The vulnerability is classified as CWE-425 (Direct Request 'Forced Browsing') and has received a critical CVSS v3.1 score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerability exists in the administration portal and involves a path normalization issue where attackers can use path traversal techniques with /..;/ to bypass authentication controls and access the InitialAccountSetup.xhtml endpoint (Horizon3 Research).
Impact
The vulnerability allows an unauthorized user to create an administrative user account via the administration portal, which could lead to complete system compromise. Given the critical CVSS score and the ability to gain administrative access, successful exploitation could result in unauthorized access to sensitive data, system manipulation, and potential remote code execution (Arctic Wolf).
Mitigation and workarounds
Organizations should upgrade to GoAnywhere MFT version 7.4.1 or higher immediately. For those unable to update immediately, Fortra has provided two workarounds: 1) For non-container deployments, delete the InitialAccountSetup.xhtml file in the installation directory and restart the services, or 2) For container-deployed instances, replace the file with an empty file and restart the services. Additionally, administrative portals should not be exposed to the public internet (Fortra Advisory).
Community reactions
The vulnerability has garnered significant attention due to its critical severity and the previous history of GoAnywhere MFT being targeted by ransomware groups. Security researchers and organizations have emphasized the urgency of patching, particularly given the availability of public exploit code and observed exploitation attempts (Rapid7 Blog).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management