
Mitigation Instructions for CVE-2024-0204

Written by CyRisk Vulnerability Management Team | Jan 25, 2024 8:00:35 PM

Subject: Mitigation Instructions for CVE-2024-0204 Fortra's GoAnywhere MFT Vulnerability

Tech Stack: Fortra's GoAnywhere Managed File Transfer (MFT)

Date(s) Issued: First reported on Jan. 22, 2024, with updates on Jan. 24, 2024

Criticality: HIGH (CVSS score: 9.8)

Overview:

CVE-2024-0204 is a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT prior to version 7.4.1. It allows unauthorized users to create an admin user via the admin portal, posing significant security risks.

Solution:

Immediate action is required to mitigate this vulnerability:

  1. Update Fortra's GoAnywhere MFT to version 7.4.1 or later.
  2. Review and monitor admin user creation logs for any unusual activity.
  3. Regularly audit your system's security settings and user privileges.
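As an added example (not from Fortra or the original advisory), the sketch below turns steps 1 to 3 into a repeatable triage check: it tests a version string against the fixed release 7.4.1 and flags admin accounts that are not on an approved list or were created after your last trusted audit. The CSV layout (`username`, `created_at`), the account names, and the baseline date are all assumptions constructed for illustration, not GoAnywhere's own export format.

```python
import csv
import io
from datetime import datetime

FIXED_VERSION = (7, 4, 1)  # per the advisory: versions prior to 7.4.1 are affected


def parse_version(text):
    """Turn '7.4.0' into (7, 4, 0); missing components count as 0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version_text):
    """True when the installed version is older than the fixed release."""
    return parse_version(version_text) < FIXED_VERSION


def review_admins(csv_text, approved, baseline_time):
    """Return (username, reasons) for each admin account that needs review.

    An account is flagged when it is missing from the approved set or when
    it was created after the last trusted baseline audit.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["username"].strip()
        created = datetime.fromisoformat(row["created_at"].strip())
        reasons = []
        if name.lower() not in approved:
            reasons.append("not in approved list")
        if created > baseline_time:
            reasons.append("created after baseline")
        if reasons:
            findings.append((name, reasons))
    return findings


# Constructed sample data (hypothetical column names and accounts).
SAMPLE_EXPORT = """username,created_at
root,2022-03-01T09:15:00
mft-ops,2023-06-12T14:02:00
svc_backup,2024-01-23T03:41:00
MFT-Ops2,2024-01-10T10:00:00
"""
APPROVED = {"root", "mft-ops", "mft-ops2"}        # lower-cased approved admins
BASELINE = datetime(2023, 12, 31, 23, 59, 59)     # last trusted audit (assumed)

if __name__ == "__main__":
    print("affected" if is_affected("7.4.0") else "patched")
    for name, reasons in review_admins(SAMPLE_EXPORT, APPROVED, BASELINE):
        print(f"{name}: {', '.join(reasons)}")
```

An account flagged only as "created after baseline" may be legitimate; confirm it against a change record before removing it.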

For additional support, contact Fortra's security team or refer to their official security advisory.
