The stream of vulnerabilities in enterprise software continues with an auth bypass flaw in Fortra’s GoAnywhere MFT. Rated at CVSS 9.8, this flaw allows an adversary to create an administrator account without any prior access to the system. Fortra recommends updating the MFT solution to a version that is not susceptible to the flaw.
GoAnywhere MFT Vulnerability Allows for Auth Bypass
On January 22, 2024, Fortra, the developer of GoAnywhere Managed File Transfer (MFT), disclosed a severe auth bypass bug in the software. The bug, classified under CWE-425, allows adversaries to create a user account with administrator privileges. The only thing they need is to reach the administration portal. Most likely, the software simply skips authentication for that request, treating anyone who reaches the portal as having the appropriate privileges.
Given the nature of an MFT, successful exploitation of CVE-2024-0204 means full control over the document flow managed by the solution. Attackers can leak these documents or inject malware into one, so whoever opens it is infected. This, combined with the overall ease of exploitation, is the reason for such a high CVSS score.
This is not the first time GoAnywhere vulnerabilities have made the news. In February 2023, hackers published a proof-of-concept exploit for another flaw in this software, one that allowed remote code execution. That vulnerability was later exploited by the Cl0p ransomware gang to attack over a hundred victims.
Auth Bypass in GoAnywhere Fixed
As susceptible versions, Fortra names all 6.x versions of GoAnywhere starting with 6.0.1, and all 7.x versions before 7.4.1. The latter was released back in December 2023, so those who install updates upon release are already secure. As the developer offers no mitigation (and one is not really possible in this case), updating is the only viable way to protect against CVE-2024-0204.
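As an added example (not code from Fortra or from this post), the affected ranges stated above can be turned into a quick inventory check; it assumes version strings are dotted integers such as "7.4.1", optionally followed by a suffix.

```python
"""Check GoAnywhere MFT version strings against the ranges Fortra lists
for CVE-2024-0204: 6.x from 6.0.1 onward, and 7.x before 7.4.1.

Assumption (not from the advisory): versions are dotted integers like
"7.4.1"; a trailing suffix such as "-hotfix" is ignored.
"""
import re
from typing import Dict, List, Tuple

# Affected interval as stated in the advisory summary: [first_vulnerable, first_fixed)
FIRST_VULNERABLE = (6, 0, 1)
FIRST_FIXED = (7, 4, 1)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.4.1' (or '7.4.1-hotfix') into (7, 4, 1); pad '7.4' to (7, 4, 0)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def is_vulnerable_to_cve_2024_0204(version: str) -> bool:
    """True when the version is a 6.x or 7.x release inside [6.0.1, 7.4.1)."""
    v = parse_version(version)
    if v[0] not in (6, 7):
        # Fortra names only the 6.x and 7.x lines; other majors are not listed.
        return False
    return FIRST_VULNERABLE <= v < FIRST_FIXED


def audit_inventory(inventory: Dict[str, str]) -> List[str]:
    """Return the host names (host -> version) that still need the 7.4.1 update."""
    return sorted(host for host, ver in inventory.items()
                  if is_vulnerable_to_cve_2024_0204(ver))


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"mft-prod-01": "7.3.0", "mft-dr-02": "7.4.1", "mft-legacy": "6.8.4",
              "mft-lab": "6.0.0", "mft-new": "7.4.2"}
    for host in audit_inventory(sample):
        print(f"{host}: {sample[host]} is affected by CVE-2024-0204, update to 7.4.1 or later")
```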
Are Such Vulnerabilities Dangerous?
Exploitation of corporate-scale software remains a potent attack vector. As cybercriminals increasingly prefer attacking companies over individuals, installing security patches promptly becomes ever more important. As statistics show, over 90% of exploitation cases happen after the vulnerability has been published and patched by the developer.
Aside from patching, one can additionally opt for security software with enhanced anti-exploitation capabilities. Modern EDR/XDR solutions are developed with these features in mind, so they are worth considering. Solutions that implement a zero-trust policy will be the most effective, as they treat any process in the environment as potentially dangerous.