Vulnerability Details CVE-2024-0204
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.933
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 9.8
References
- http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html
- http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html
- https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
- https://www.fortra.com/security/advisory/fi-2024-001
- http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html
- http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html
- https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
- https://www.fortra.com/security/advisory/fi-2024-001
Products affected by CVE-2024-0204
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:6.0.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.0.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.0.1
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.0.2
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.0.3
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.1.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.1.1
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.1.2
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.1.3
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.2.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.2.1
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.3.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.3.1
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.4.0