CVE-2024-0204

CVSS 3.1 Score 9.8 of 10 (CRITICAL)

Attack Complexity

LOW

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Scope

UNCHANGED

Privileges Required

NONE

Summary

CVE-2024-0204 represents a significant vulnerability in Fortra's GoAnywhere Managed File Transfer (MFT) software. Prior to version 7.4.1, this issue allows unauthorized users to bypass the authentication process and create new admin users through the administration portal. This vulnerability poses a serious risk, as it enables attackers to gain elevated access and potentially compromise sensitive data. Organizations using Fortra's GoAnywhere MFT are advised to update to the latest version to mitigate this threat.

Details

Published: formatDate( 2024-01-22T18:15:20.137Z )
Updated: formatDate( 2024-02-02T17:15:11.167Z )
CWE ID: CWE-425

Affected Vendors

Fortra

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uAUHoY
https://www.cve.org/CVERecord?id=CVE-2024-0204
https://nvd.nist.gov/vuln/detail/CVE-2024-0204