1 min read

Mitigation Instructions for CVE-2024-0204

CyRisk Vulnerability Management Team : Jan 25, 2024 3:00:35 PM

security

Subject: Mitigation Instructions for CVE-2024-0204 Fortra's GoAnywhere MFT Vulnerability

Tech Stack: Fortra's GoAnywhere Managed File Transfer (MFT)

Date(s) Issued: First reported on Jan. 22, 2024, with updates on Jan. 24, 2024

Criticality: HIGH (CVSS score: 9.8)

Overview:

CVE-2024-0204 is a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT prior to version 7.4.1. It allows unauthorized users to create an admin user via the admin portal, posing significant security risks.

Solution:

Immediate action is required to mitigate this vulnerability:

Update Fortra's GoAnywhere MFT to version 7.4.1 or later.
Review and monitor admin user creation logs for any unusual activity.
Regularly audit your system's security settings and user privileges.

For additional support, contact Fortra's security team or refer to their official security advisory.

References:

NIST National Vulnerability Database for CVE-2024-0204: NVD - CVE-2024-0204
Fortra Security Advisory: Fortra Security Advisory

Mitigation Instructions for Drupal SEoL (6.x)

CyRisk Vulnerability Management Team: Jul 17, 2024 12:28:55 PM

Subject: Drupal Unsupported Version Detection (6.x)

security

Mitigation Instructions for Microsoft SQL Server Unsupported Version Detection (remote check)

CyRisk Vulnerability Management Team: Jul 17, 2024 12:24:56 PM

Subject: Microsoft SQL Server Unsupported Version Detection

security

Mitigation Instructions for Python Unsupported Version Detection

CyRisk Vulnerability Management Team: Jul 17, 2024 12:18:31 PM

Subject: Python Unsupported Version Detection

security