Authentication Bypass in Fortra's GoAnywhere MFT (CVE-2024-0204)

Summary

Acunetix 360 detected Authentication Bypass vulnerability.

The GoAnywhere MFT has an authentication bypass vulnerability.

An attacker can create an admin user through an unauthorized administration portal.

Impact

An unauthenticated attacker can create an admin user.

Remediation

Upgrade to the latest version of GoAnywhere MFT.

Severity

High

Classification

PCI v3.2-6.5.1 CAPEC-114,115 CWE-425 HIPAA-164.306(a) ISO27001-A.13.1.1 WASC-1 OWASP 2013-A9 OWASP 2017-A9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Authentication Bypass in Fortra’s GoAnywhere MFT (CVE-2024-0204)

Summary

Impact

Remediation

Severity

Classification