1 min read

Mitigation Instructions for CVE-2024-0204

CyRisk Vulnerability Management Team : Jan 25, 2024 3:00:35 PM

security

Subject: Mitigation Instructions for CVE-2024-0204 Fortra's GoAnywhere MFT Vulnerability

Tech Stack: Fortra's GoAnywhere Managed File Transfer (MFT)

Date(s) Issued: First reported on Jan. 22, 2024, with updates on Jan. 24, 2024

Criticality: HIGH (CVSS score: 9.8)

Overview:

CVE-2024-0204 is a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT prior to version 7.4.1. It allows unauthorized users to create an admin user via the admin portal, posing significant security risks.

Solution:

Immediate action is required to mitigate this vulnerability:

Update Fortra's GoAnywhere MFT to version 7.4.1 or later.
Review and monitor admin user creation logs for any unusual activity.
Regularly audit your system's security settings and user privileges.

For additional support, contact Fortra's security team or refer to their official security advisory.

References:

NIST National Vulnerability Database for CVE-2024-0204: NVD - CVE-2024-0204
Fortra Security Advisory: Fortra Security Advisory

Mitigation Instructions for Adobe ColdFusion CVE-2023-29300

CyRisk Vulnerability Management Team: Mar 8, 2024 2:53:16 PM

SUBJECT: CVE-2023-29300: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability - Detailed Mitigation Guide

security

Mitigation Instructions for Microsoft Exchange Server CVE-2024-21410

CyRisk Vulnerability Management Team: Mar 8, 2024 2:50:55 PM

SUBJECT: Critical Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

security

Mitigation Instructions for Cisco ASA and FTD CVE-2020-3259

CyRisk Vulnerability Management Team: Mar 8, 2024 2:50:45 PM

SUBJECT: Mitigate Cisco ASA and FTD Information Disclosure Vulnerability (CVE-2020-3259)

security