GoAnywhere Vulnerability Overview
Background Information
A critical security flaw has been reported in the GoAnywhere managed file transfer (MFT) solution. This tool is often used by companies to transfer encrypted files securely. The flaw allows a remote, unauthenticated attacker to take control of the system. Given a history of attackers quickly exploiting similar flaws in mass-exploitation campaigns, it is critical that impacted organizations patch immediately.
Impact of the Vulnerability
Attackers can exploit this vulnerability, bypass authentication, and create a new admin user. From there, it is easy for an attacker to use the newly created admin account to access and steal sensitive data or take other malicious actions. The flaw impacts Fortra GoAnywhere MFT 6.x from 6.0.1 and Fortra GoAnywhere MFT 7.4.0 and earlier.
While there are no reports of exploitation attempts yet, a similar vulnerability in GoAnywhere last year was exploited within a few days and led to a large number of data theft attacks. Immediately upgrading to a fixed version is crucial to avoid likely forthcoming attacks.
Next Steps for GoAnywhere Customers:
We encourage your organization to take the following steps to mitigate against potential attack:
-
Upgrade your GoAnywhere instance to at least version 7.4.1
-
If you aren’t able to patch, Fortra has provided two alternate mitigation options:
-
In non-container deployments: delete the InitialAccountSetup.xhtml file in the install directory and restart the services.
-
In container-deployed instances: replace InitialAccountSetup.xhtml with an empty file and restart the services.