CVE-2024-0204 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2024-0204?

CVE-2024-0204 is a critical vulnerability affecting Fortra's GoAnywhere Managed File Transfer (MFT) software, specifically versions 6.0.0 and from 7.0.0 up to (excluding) 7.4.1. This authentication bypass issue allows unauthorized users to create an admin user via the administration portal, potentially compromising the security of systems running the affected software. Users are advised to upgrade to version 7.4.1 or higher to mitigate the risk.

Who is impacted by CVE-2024-0204?

If you're using Fortra's GoAnywhere Managed File Transfer (MFT) software, you might be affected by the CVE-2024-0204 vulnerability. This security issue impacts users of version 6.0.0 and all versions from 7.0.0 up to, but not including, 7.4.1. The vulnerability allows unauthorized individuals to create an admin user through the administration portal, potentially putting your system's security at risk.

What to do if CVE-2024-0204 affected you

If you're affected by the CVE-2024-0204 vulnerability, it's crucial to take action to secure your system. Follow these simple steps to mitigate the risk:

  1. Upgrade to Fortra's GoAnywhere MFT version 7.4.1 or higher. See the Fortra advisory for more information.

  2. For non-container deployments, delete the InitialAccountSetup.xhtml file in the install directory and restart the services.

  3. For container-deployed instances, replace the InitialAccountSetup.xhtml file with an empty file and restart.
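The following audit helper is an added example, not code from Fortra or from the original page. It checks a version string against the affected range stated above and reports whether InitialAccountSetup.xhtml is still deployed with content. The function names are hypothetical, and the install directory and version string are assumed to be supplied by the administrator.

```shell
#!/bin/sh
# Added example: audit helper for the mitigation steps above.
# Assumptions: the caller passes the GoAnywhere install directory and the
# installed version string; neither is discovered automatically.

# is_affected VERSION
# Returns 0 if VERSION is in the range this page lists (6.0.0, or 7.0.0 up to
# but excluding 7.4.1), 1 if it is not, 2 if the string is not dotted digits.
is_affected() {
    case "$1" in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots: major minor patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -eq 6 ] && [ "$minor" -eq 0 ] && [ "$patch" -eq 0 ]; then
        return 0
    fi
    if [ "$major" -eq 7 ]; then
        if [ "$minor" -lt 4 ]; then return 0; fi
        if [ "$minor" -eq 4 ] && [ "$patch" -lt 1 ]; then return 0; fi
    fi
    return 1
}

# setup_page_status INSTALL_DIR
# Prints one word describing InitialAccountSetup.xhtml under INSTALL_DIR:
#   absent  - no copy found (state after step 2)
#   empty   - only zero-byte copies found (state after step 3)
#   present - at least one copy still has content; returns 1
setup_page_status() {
    if [ ! -d "$1" ]; then echo "no-such-dir"; return 2; fi
    found=$(find "$1" -type f -name InitialAccountSetup.xhtml 2>/dev/null)
    if [ -z "$found" ]; then echo absent; return 0; fi
    # -size +0 matches any file larger than zero bytes (POSIX find)
    nonempty=$(find "$1" -type f -name InitialAccountSetup.xhtml -size +0 2>/dev/null)
    if [ -n "$nonempty" ]; then echo present; return 1; fi
    echo empty
    return 0
}
```

A result of `present` on a version for which `is_affected` returns 0 means neither the upgrade nor the file-based step has been applied on that host.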

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-0204 vulnerability, an authentication bypass issue in Fortra's GoAnywhere Managed File Transfer (MFT) software, is not listed in CISA's Known Exploited Vulnerabilities Catalog. To address this vulnerability, users should update their software to version 7.4.1 or later and follow additional steps depending on their deployment type.

Weakness Enumeration

The vulnerability is classified as CWE-425, Direct Request ('Forced Browsing'), in Fortra's GoAnywhere MFT software.

Learn More

For a comprehensive understanding of the vulnerability, its severity, technical details, and affected software configurations, refer to the NVD page and the resources listed below.
