A critical vulnerability (CVE-2024-0204) was found in Fortra’s GoAnywhere MFT product, which is an authentication bypass flaw that could allow an unauthenticated attacker to create an administrator user.
The vulnerability affects versions 6.x and 7.x of the product. The issue was identified and reported in early December 2023, and Fortra released patches on December 7.
A day after the vendor’s advisory came out, proof-of-concept code targeting the vulnerability was published. Fortra has urged its customers to update their GoAnywhere MFT instances to version 7.4.1 or higher.
Read more: PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.