CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Vulnerability

Jan. 24, 2024, 3:25 a.m. | Satnam Narang

Proof-of-concept exploit details are available for a newly disclosed critical vulnerability in Fortra GoAnywhere Managed File Transfer (MFT), a product historically targeted by ransomware

Background

On January 22, Fortra (formerly HelpSystems) published a security advisory (FI-2024-001) for a critical vulnerability in GoAnywhere, its managed file transfer (MFT) software.

CVEDescriptionCVSSv3CVE-2024-0204Fortra GoAnywhere MFT Authentication Bypass Vulnerability9.8

According to the advisory, it was discovered on December 1, 2023. Its discovery is credited to security researchers Mohammed Eldeeb and Islam …

advisory authentication authentication bypass bypass bypass vulnerability concept critical critical vulnerability cve exploit file file transfer fortra fortra goanywhere goanywhere goanywhere mft helpsystems january managed managed file transfer mft product proof proof-of-concept security security advisory software transfer vulnerability

Visit resource

More from www.tenable.com / Cyber Exposure Alerts

CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor 6 days, 9 hours ago | www.tenable.com

adaptive security arcanedoor blog called +15

CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited 1 week, 1 day ago | www.tenable.com

advisory april crushftp customers +23

Oracle April 2024 Critical Patch Update Addresses 239 CVEs 2 weeks ago | www.tenable.com

addresses april cpu critical +12

CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild 2 weeks, 5 days ago | www.tenable.com

alto april attacks command +25

Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988) 3 weeks, 1 day ago | www.tenable.com

addresses april critical critical vulnerabilities +13

Frequently Asked Questions About CVE-2024-3094, A Backdoor in XZ Utils 1 month ago | www.tenable.com

CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability 1 month, 2 weeks ago | www.tenable.com

address advisory arbitrary code attacker +20

Microsoft’s March 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-21407) 1 month, 2 weeks ago | www.tenable.com

CVE-2024-27198, CVE-2024-27199: Two Authentication Bypass Vulnerabilities in JetBrains TeamCity 1 month, 3 weeks ago | www.tenable.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Application Security Engineer - Remote Friendly

@ Unit21 | San Francisco,CA; New York City; Remote USA;

View on infosec-jobs.com

Cloud Security Specialist

@ AppsFlyer | Herzliya

View on infosec-jobs.com

Malware Analysis Engineer - Canberra, Australia

@ Apple | Canberra, Australian Capital Territory, Australia

View on infosec-jobs.com

Product CISO

@ Fortinet | Sunnyvale, CA, United States

View on infosec-jobs.com

Manager, Security Engineering

@ Thrive | United States - Remote

View on infosec-jobs.com

View more jobs

all InfoSec news

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Vulnerability

Background

More from www.tenable.com / Cyber Exposure Alerts

Jobs in InfoSec / Cybersecurity

Social Engineer For Reverse Engineering Exploit Study

Application Security Engineer - Remote Friendly

Cloud Security Specialist

Malware Analysis Engineer - Canberra, Australia

Product CISO

Manager, Security Engineering