Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT

January 24, 2024 at 03:05PM

A new proof-of-concept exploit is available for a critical authentication bypass vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere Managed File Transfer software. This flaw affects a large percentage of systems and allows unauthenticated remote attackers to create new accounts with admin privileges. The release of this exploit is likely to lead to widespread attacks, following previous successful ransomware incidents.

Based on the meeting notes, the key takeaways are as follows:

1. A proof-of-concept exploit is now available for a critical flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) software, the newly disclosed CVE-2024-0204, an authentication bypass vulnerability affecting versions 6.x from 6.0.1 onward and 7.x before 7.4.1. The vulnerability is rated close to the maximum possible score of 10 on the CVSS severity scale.

2. Less than 4% of GoAnywhere MFT assets appear to be fixed versions, meaning over 96% are at a significantly heightened risk of compromise, making mass attacks targeting the flaw almost certain to begin soon.

3. The Cl0p ransomware group previously exploited a remote code injection bug in GoAnywhere (CVE-2023-0669) to deploy ransomware on systems belonging to over 130 organizations, including well-known entities such as Procter & Gamble, Hitachi Energy, and the city of Toronto.

4. Fortra informed customers about the vulnerability privately on Dec. 7, 2023, and issued a patch for it after two bug hunters reported the issue. However, the company publicly disclosed the flaw on Jan. 23, following which researchers from Horizon3.ai published a proof-of-concept exploit for CVE-2024-0204.

5. Exploit developer James Horseman described the new vulnerability as trivial to exploit, making it imperative for affected users to act quickly to mitigate the risk.

6. Managed file transfer technologies such as GoAnywhere are targeted by threat actors due to the sensitive information likely to be found on these systems, posing a significant risk to organizations using GoAnywhere MFT for file transfers.

7. Fortra’s decision to delay disclosing the new bug almost certainly aimed to give customers time to patch the issue before widespread exploitation. However, this strategy raises concerns about transparency and the potential impact on public image.
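A defender's first step is knowing which GoAnywhere MFT instances fall inside the affected ranges named in items 1 and 2. The script below is an added example, not code from the article or from Fortra: it compares dotted version numbers numerically (so 7.10.x sorts after 7.4.1) against the ranges quoted above and reports the share of a constructed, made-up inventory that still needs patching.

```python
"""Triage a GoAnywhere MFT version inventory against the CVE-2024-0204
affected ranges quoted in the article: 6.x from 6.0.1 onward, 7.x before 7.4.1.
Added example; hostnames and versions below are constructed, not real data."""
from typing import Dict, List, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    # Numeric tuple so that 7.10.2 compares greater than 7.4.1
    # (a plain string comparison would get this wrong).
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version: str) -> bool:
    """True when the version lies in a range the advisory lists as affected."""
    parsed = parse_version(version)
    major = parsed[0]
    if major == 6:
        return parsed >= (6, 0, 1)      # all 6.x from 6.0.1 onward
    if major == 7:
        return parsed < (7, 4, 1)       # 7.x before the fixed release 7.4.1
    return False                        # other majors are not in the listed ranges


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, object]:
    """Split (host, version) pairs into affected / clear and report the affected share."""
    affected = [host for host, ver in inventory if is_affected(ver)]
    clear = [host for host, ver in inventory if not is_affected(ver)]
    pct = 100.0 * len(affected) / len(inventory) if inventory else 0.0
    return {"affected": affected, "clear": clear, "pct_affected": round(pct, 1)}


# Constructed sample inventory (hosts and versions are made up for this example)
SAMPLE_INVENTORY = [
    ("mft-01.internal.example", "7.4.0"),
    ("mft-02.internal.example", "7.4.1"),
    ("mft-03.internal.example", "6.8.6"),
    ("mft-04.internal.example", "7.10.2"),
    ("mft-05.internal.example", "7.3.9"),
]

if __name__ == "__main__":
    result = triage(SAMPLE_INVENTORY)
    for host in result["affected"]:
        print(f"PATCH NOW: {host}")
    print(f"{result['pct_affected']}% of inventory is on an affected version")
```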

These takeaways provide a detailed understanding of the current threat landscape surrounding the Fortra GoAnywhere MFT software and underscore the urgency for affected organizations to take proactive measures to mitigate the risk.
