Security researchers at Spark Engineering Consultants have discovered an authentication bypass vulnerability in GoAnywhere Managed File Transfer. Tracked as CVE-2024-0204, the vulnerability has a critical severity and a CVSS score of 9.8. The vulnerability allows an unauthorized user to create an admin user via the administration portal.
Tag: GoAnywhere MFT
GoAnywhere Managed File Transfer (MFT) Remote Code Execution Vulnerability (Zero-Day) (CVE-2023-0669)
Fortra has released a patch for a zero-day vulnerability that affects GoAnywhere Managed File Transfer (MFT). GoAnywhere MFT instances that have the administrative console remotely accessible are affected by this vulnerability. On successful exploitation, the vulnerability will allow an attacker to execute malicious code remotely. The vulnerability is being tracked as CVE-2023-0669. GoAnywhere MFT … Continue reading “GoAnywhere Managed File Transfer (MFT) Remote Code Execution Vulnerability (Zero-Day) (CVE-2023-0669)”