Description

GoAnywhere MFT has an authentication bypass vulnerability. An attacker can bypass the authentication with a specially crafted HTTP request, add a new administrator and get full access to the system.

Remediation

Upgrade to the latest version of GoAnywhere MFT

References

FI-2024-001 - Authentication Bypass in GoAnywhere MFT

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive

Related Vulnerabilities

MySQL CVE-2014-2494 Vulnerability (CVE-2014-2494)

Code Evaluation (Apache Struts) S2-045

Internet Information Services Permissions, Privileges, and Access Controls Vulnerability (CVE-1999-0777)

LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-44967)

MySQL CVE-2019-2624 Vulnerability (CVE-2019-2624)

Severity

Critical

Classification

CVE-2024-0204 CWE-425 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

Authentication Bypass Known Vulnerabilities