1 min read

Mitigation Instructions for CVE-2024-0204

CyRisk Vulnerability Management Team : Jan 25, 2024 3:00:35 PM

security

Subject: Mitigation Instructions for CVE-2024-0204 Fortra's GoAnywhere MFT Vulnerability

Tech Stack: Fortra's GoAnywhere Managed File Transfer (MFT)

Date(s) Issued: First reported on Jan. 22, 2024, with updates on Jan. 24, 2024

Criticality: HIGH (CVSS score: 9.8)

Overview:

CVE-2024-0204 is a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT prior to version 7.4.1. It allows unauthorized users to create an admin user via the admin portal, posing significant security risks.

Solution:

Immediate action is required to mitigate this vulnerability:

Update Fortra's GoAnywhere MFT to version 7.4.1 or later.
Review and monitor admin user creation logs for any unusual activity.
Regularly audit your system's security settings and user privileges.

For additional support, contact Fortra's security team or refer to their official security advisory.

References:

NIST National Vulnerability Database for CVE-2024-0204: NVD - CVE-2024-0204
Fortra Security Advisory: Fortra Security Advisory

Mitigation Instructions for CVE-2016-4437

CyRisk Vulnerability Management Team: Nov 15, 2024 10:22:27 AM

Mitigating CVE-2016-4437: Remote Code Execution Vulnerability in Apache ActiveMQ

security

Mitigation Instructions for CVE-2013-1896

CyRisk Vulnerability Management Team: Nov 15, 2024 10:15:00 AM

Mitigating CVE-2013-1896: Privilege Escalation Vulnerability in Puppet

security

Mitigation Instructions for CVE-2014-6271 Shellshock Vulnerability in Bash

CyRisk Vulnerability Management Team: Oct 21, 2024 10:26:10 AM

Subject: Mitigating CVE-2014-6271: Shellshock Vulnerability in Bash

security