January 23, 2024 at 10:46AM
Fortra warns of a critical authentication bypass vulnerability in GoAnywhere MFT, affecting versions prior to 7.4.1. Exploitation allows unauthorized creation of admin accounts and could lead to data breaches and malware introduction. The flaw was fixed in version 7.4.1, and users are advised to update immediately. Notably, past incidents suggest the urgent need to apply security updates.
Key points from the meeting notes:
– A new authentication bypass vulnerability has been identified in GoAnywhere MFT versions before 7.4.1, allowing unauthorized user creation.
– The vulnerability is tracked as CVE-2024-0204, rated critical (CVSS v3.1 score of 9.8) and is remotely exploitable.
– Organizations should update to GoAnywhere MFT 7.4.1, released on December 7, 2023, to fix the vulnerability.
– Two manual mitigation pathways have been provided by Fortra in the advisory.
– The flaw was discovered by Mohammed Eldeeb and Islam Elrfai from Spark Engineering Consultants.
– There is potential for the vulnerability to be exploited, and prior instances of exploitation by the Clop ransomware gang have been documented.
– Notable victims of prior attacks include Crown Resorts, CHS, Hatch Bank, and Saks Fifth Avenue.
– Fortra advises organizations to apply security updates, recommended mitigations, and scrutinize logs for any suspicious activity.
These key takeaways provide a clear understanding of the vulnerability, its impact, prior exploitation, and the recommended actions for organizations using GoAnywhere MFT to secure their systems and data.