
GoAnywhere Vulnerability Alert | January 2024

GoAnywhere Vulnerability Overview

 

Background Information

A critical security flaw has been reported in the GoAnywhere managed file transfer (MFT) solution. This tool is often used by companies to transfer encrypted files securely. The flaw allows a remote, unauthenticated attacker to take control of the system. Given a history of attackers quickly exploiting similar flaws in mass-exploitation campaigns, it is critical that impacted organizations patch immediately.

Impact of the Vulnerability

Attackers can exploit this vulnerability to bypass authentication and create a new admin user. From there, an attacker can easily use the newly created admin account to access and steal sensitive data or take other malicious actions. The flaw affects Fortra GoAnywhere MFT 6.x from 6.0.1 and Fortra GoAnywhere MFT 7.4.0 and earlier.

While there are no reports of exploitation attempts yet, a similar vulnerability in GoAnywhere last year was exploited within a few days and led to a large number of data theft attacks. Immediately upgrading to a fixed version is crucial to avoid likely forthcoming attacks.

Next Steps for GoAnywhere Customers:

We encourage your organization to take the following steps to mitigate potential attacks:

  1. Upgrade your GoAnywhere instance to at least version 7.4.1.
  2. If you aren’t able to patch, Fortra has provided two alternate mitigation options:
    1. In non-container deployments: delete the InitialAccountSetup.xhtml file in the install directory and restart the services.
    2. In container-deployed instances: replace InitialAccountSetup.xhtml with an empty file and restart the services.
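
To confirm on a host that the steps above have taken effect, the following added example (not Fortra's code and not part of the original alert) checks a version string against the affected range stated here and reports whether InitialAccountSetup.xhtml is still present under an install directory. The function names are hypothetical, and the version string and install path are assumed to be supplied by the operator.

```shell
#!/bin/sh
# Added example: audit a GoAnywhere MFT host against the advisory's guidance.
# Assumptions: version string and install directory are supplied by the operator.

# ver_le A B: succeeds when dotted version A <= B (numeric compare per field).
ver_le() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Affected range as stated in the advisory: 6.0.1 through 7.4.0 (fixed in 7.4.1).
is_affected_version() {
    ver_le 6.0.1 "$1" && ver_le "$1" 7.4.0
}

# Prints the state of InitialAccountSetup.xhtml under install directory $1:
#   present = a non-empty copy exists (mitigation not applied)
#   emptied = only zero-byte copies exist (container mitigation)
#   absent  = no copy found (non-container mitigation)
#   unknown = directory missing or unreadable, so nothing can be concluded
mitigation_status() {
    [ -d "$1" ] && [ -r "$1" ] || { echo unknown; return 0; }
    copies=$(find "$1" -type f -name InitialAccountSetup.xhtml 2>/dev/null || true)
    nonempty=$(find "$1" -type f -name InitialAccountSetup.xhtml -size +0c 2>/dev/null || true)
    if [ -n "$nonempty" ]; then echo present
    elif [ -n "$copies" ]; then echo emptied
    else echo absent
    fi
}

# audit VERSION INSTALL_DIR: one-line verdict combining both checks.
audit() {
    case "$1" in ''|*[!0-9.]*) echo "CHECK: unrecognized version '$1'"; return 0 ;; esac
    if ! is_affected_version "$1"; then
        echo "OK: $1 is outside the affected range listed in the advisory"; return 0
    fi
    state=$(mitigation_status "$2")
    case "$state" in
        present) echo "ACTION: $1 is affected and InitialAccountSetup.xhtml is present" ;;
        unknown) echo "CHECK: $1 is affected but $2 could not be inspected" ;;
        *) echo "MITIGATED: $1 is affected, file is $state; confirm services were restarted" ;;
    esac
}

# Usage: sh check_goanywhere.sh 7.3.2 /path/to/install/dir
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

A MITIGATED result only reflects the file state; the script cannot tell whether the services were restarted afterwards, and upgrading to 7.4.1 or later remains the primary fix.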
