PT-2024-1259 · Fortra · GoAnywhere MFT

Islam Elrfai +1 · Published 2024-01-22 · Updated 2026-03-13 · CVE-2024-0204

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Fortra GoAnywhere MFT versions prior to 7.4.1

Description: A critical authentication bypass exists in Fortra GoAnywhere MFT prior to version 7.4.1. An unauthenticated remote attacker can create an administrator account through the administration portal: the account-setup page /InitialAccountSetup.xhtml, which is only meant to be reachable during initial configuration, can be reached on an already-configured instance through a path traversal weakness in that endpoint, and submitting it creates a new admin user. A proof-of-concept exploit is publicly available. The vulnerability is tracked as CVE-2024-0204 and carries a CVSS score of 9.8. Exposure figures reported at the time of publication: approximately 35,407 potentially affected systems, primarily in the United States and Japan; Imperva observed more than 15,000 requests targeting potentially vulnerable systems; and approximately 28 systems are publicly accessible. The Cl0p ransomware group exploited a different GoAnywhere MFT flaw (CVE-2023-0669) in early 2023, so internet-exposed administration portals should be assumed to be under active scanning.
Recommendations: Update GoAnywhere MFT to version 7.4.1 or later. Where updating is not immediately possible, delete the InitialAccountSetup.xhtml file in the installation directory and restart the services. For containerized deployments, replace InitialAccountSetup.xhtml with an empty file and restart the services rather than deleting it. Because the impact is a persistent administrator account, patching alone does not undo a prior compromise: review the Admin Users list in the administration portal for accounts you did not create, and check the administration portal's access logs for requests to InitialAccountSetup.xhtml made after initial setup was completed. Keep the administration portal off the public internet.
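The interim mitigation above, as an added shell example (this is not Fortra's tooling and not code from the advisory): a version gate against the fixed release, the delete-or-empty handling for on-host versus container installs, and a count of setup-page requests over a constructed access-log sample. Assumptions not taken from the advisory: the installed version is passed in by the caller; the setup page is located with find(1) under the install directory rather than at a hard-coded path; the log format is a generic Tomcat-style sample; restarting the services is left to the operator.

```shell
#!/bin/sh
# Added example for CVE-2024-0204 (not Fortra's code). Version gate plus the
# interim mitigation from the advisory, applied to a GoAnywhere install dir.

# version_lt A B: exit 0 when dotted version A sorts before B (numeric fields,
# missing fields count as 0, so "7.4" < "7.4.1").
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        # drop the consumed leading field, or empty the string on the last one
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        ah=${ah:-0}; bh=${bh:-0}
        [ "$ah" -lt "$bh" ] && return 0
        [ "$ah" -gt "$bh" ] && return 1
    done
    return 1
}

# is_vulnerable VERSION: exit 0 when VERSION predates the fixed release 7.4.1.
is_vulnerable() { version_lt "$1" 7.4.1; }

# mitigate INSTALL_DIR MODE: MODE is "delete" for an on-host install or
# "empty" for a container, where the advisory says to replace the file with an
# empty one instead. Prints each handled path; exit 1 if no setup page found.
# Assumption: find(1) locates the page; the real relative path is not assumed.
mitigate() {
    dir=$1; mode=$2; n=0
    # paths under a GoAnywhere install contain no whitespace, so word-splitting
    # the find output is acceptable here
    for f in $(find "$dir" -type f -name InitialAccountSetup.xhtml 2>/dev/null); do
        case $mode in
            delete) rm -f "$f" ;;
            empty)  : > "$f" ;;
            *) echo "unknown mode: $mode" >&2; return 2 ;;
        esac
        echo "mitigated: $f"
        n=$((n + 1))
    done
    [ "$n" -gt 0 ]
}

# audit_log LOGFILE: count access-log lines that request the setup page. On an
# instance that finished initial setup long ago, any hit deserves review next
# to the Admin Users list. The log layout is a constructed sample, not
# GoAnywhere's actual format.
audit_log() { grep -c 'InitialAccountSetup\.xhtml' "$1"; }

# Operator usage (restart the GoAnywhere services afterwards):
#   is_vulnerable "$(cat /path/to/version)" && mitigate /opt/GoAnywhere delete
```

Run `is_vulnerable` with the version string shown in the administration portal; when it succeeds, call `mitigate` with `delete` on a host install or `empty` inside a container, then restart the services. Re-run the version check after the upgrade to 7.4.1 so the temporary file removal is not mistaken for the fix.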

Related Identifiers

BDU:2024-00665
CVE-2024-0204

Affected Products

GoAnywhere MFT