Fortra GoAnywhere MFT: CVE-2024-0204
**Name of the Vulnerable Software and Affected Versions**
Fortra GoAnywhere MFT versions prior to 7.4.1
**Description**
A critical authentication bypass exists in Fortra’s GoAnywhere MFT prior to version 7.4.1. The flaw allows an unauthorized user to create an administrator account through the administration portal. A proof-of-concept exploit is publicly available. Approximately 35,407 systems are potentially affected, located primarily in the United States and Japan. Imperva observed over 15,000 requests targeting potentially vulnerable systems, and approximately 28 systems are publicly accessible. The vulnerability, tracked as CVE-2024-0204, has a CVSS score of 9.8. It stems from a path traversal weakness in the `/InitialAccountSetup.xhtml` endpoint, which allows unauthorized access to that page and creation of an admin account. The Cl0p ransomware group exploited a similar flaw in GoAnywhere MFT last year.
**Recommendations**
Update GoAnywhere MFT to version 7.4.1 or later.
For systems unable to update to version 7.4.1, delete the `InitialAccountSetup.xhtml` file in the installation directory and restart the services.
For containerized deployments, replace the `InitialAccountSetup.xhtml` file with an empty file and restart the services.
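Added example (not from the advisory or from Fortra): a Python detection pass over constructed access-log lines that normalizes each request path (URL decoding, dot-segment collapse) and flags any request resolving to the `InitialAccountSetup.xhtml` endpoint named above, which should receive no traffic once initial setup is complete. The combined log format, the sample lines and the documentation-range addresses are assumptions.

```python
import re
from posixpath import normpath
from urllib.parse import unquote, urlsplit
# Combined-format access-log line: source, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
SETUP_PAGE = "initialaccountsetup.xhtml"  # the endpoint named in the advisory

# Constructed sample log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Jan/2024:10:00:01 +0000] "GET /goanywhere/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.8 - - [23/Jan/2024:10:00:02 +0000] "GET /InitialAccountSetup.xhtml HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.9 - - [23/Jan/2024:10:00:03 +0000] "POST /images/../InitialAccountSetup.xhtml HTTP/1.1" 200 1024 "-" "python-requests/2.31"
203.0.113.10 - - [23/Jan/2024:10:00:04 +0000] "POST /a/%2e%2e/InitialAccountSetup.xhtml HTTP/1.1" 200 1024 "-" "python-requests/2.31"
"""

def normalize_path(target):
    """Decode the path (twice, to catch double encoding) and collapse dot segments; matching on this form catches traversal variants."""
    path = urlsplit(target).path
    decoded = unquote(unquote(path))
    return normpath("/" + decoded.lstrip("/"))

def classify(line):
    """Return a finding dict if the request resolves to the setup page, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw = urlsplit(m["target"]).path
    norm = normalize_path(m["target"])
    if norm.rsplit("/", 1)[-1].lower() != SETUP_PAGE:
        return None
    return {
        "src": m["src"], "ts": m["ts"], "method": m["method"],
        "status": m["status"], "path": norm,
        # raw != norm means the page was reached through an encoded or traversing path
        "traversal": raw != norm,
        # the setup page should never receive a POST once initial setup is complete
        "post": m["method"].upper() == "POST",
    }

def scan(log_text):
    """Scan whole log text; every hit deserves review of the admin-user list."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A POST hit dated before the update or the file removal above was applied warrants checking the administrator user list for accounts that should not exist.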