Welcome to Scribd!

CERT-In Vulnerability Notes

Uploaded by

bimaf19491

0% found this document useful (0 votes)

6 views2 pages

A critical vulnerability has been reported in Fortra GoAnywhere MFT versions 6.x to 7.x that could allow a remote attacker to bypass authentication. The vulnerability exists in the "/InitialAccountSetup.xhtml" endpoint and could be exploited to create an admin user. Fortra has released updates to address this issue and recommends deleting or replacing the vulnerable file and restarting services. A CVE identifier CVE-2024-0204 has been assigned.

Original Description:

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

6 views2 pages

CERT-In Vulnerability Notes

Uploaded by

bimaf19491

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 2

Search inside document

CERT-In Vulnerability Notes https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES0...

CERT-In Vulnerability Note CIVN-2024-0019

Authentication Bypass Vulnerability in Fortra GoAnywhere MFT

Original Issue Date:January 24, 2024

Severity Rating: CRITICAL

Software Affected

• Fortra GoAnywhere MFT versions 6.x from 6.0.1

• Fortra GoAnywhere MFT versions 7.x prior to 7.4.1

Overview

A vulnerability has been reported in Fortra GoAnywhere MFT, which could allow a remote attacker to bypass security restrictions
on the target system.

Description

This vulnerability exists in Fortra GoAnywhere MFT due to direct request attacks in the "/InitialAccountSetup.xhtml" endpoint. A
remote attacker could exploit this vulnerability to bypass security restrictions to create an admin user via the administration portal.

Successful exploitation of this vulnerability could allow the attacker to conduct further attacks on the target system.

Mitigations:

The following mitigations are provided by Fortra:

• For non-container deployments, delete the InitialAccountSetup.xhtml file in the installation directory and restart the
services.
• For container deployments, replace the InitialAccountSetup.xhtml file with an empty file and restart the services.

Solution

Apply appropriate updates as mentioned in the Fortra security advisory:

https://www.fortra.com/security/advisory/fi-2024-001

Vendor Information

Fortra
https://www.fortra.com/security/advisory/fi-2024-001

References

https://www.fortra.com/security/advisory/fi-2024-001
https://github.com/horizon3ai/CVE-2024-0204
https://thehackernews.com/2024/01/patch-your-goanywhere-mft-immediately.html

CVE Name
CVE-2024-0204

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

1 of 2 24-01-2024, 04:18 pm
CERT-In Vulnerability Notes https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES0...

Email: info@cert-in.org.in
Phone: +91-11-22902657

Postal address

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India

2 of 2 24-01-2024, 04:18 pm

Migrating To A Fortigate Firewall: White Paper
Document7 pages
Migrating To A Fortigate Firewall: White Paper
marketingPerNegati
No ratings yet
CheckPoint Security Administration Module - PartI - 09nov2009
Document170 pages
CheckPoint Security Administration Module - PartI - 09nov2009
Luu Tuong
100% (1)
Ethical Hacking and Computer Securities for Beginners
From Everand
Ethical Hacking and Computer Securities for Beginners
Elaiya Iswera Lallan
No ratings yet
NSE3 FortiAuthenticator Combined LiteUpdate 20210311
Document29 pages
NSE3 FortiAuthenticator Combined LiteUpdate 20210311
Bhanuka Senarathna
No ratings yet
Subpoena To Produce Documents, Information, or Objects or To Permit Inspection of Premises in A Civil Action
Document35 pages
Subpoena To Produce Documents, Information, or Objects or To Permit Inspection of Premises in A Civil Action
Gonzalo Zanotti
No ratings yet
Fujitec CP38 Debugging
Document23 pages
Fujitec CP38 Debugging
thành
100% (9)
Securing Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build
From Everand
Securing Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build
Slava Gomzin
No ratings yet
SY0-601 - Dumpsbase 45
Document143 pages
SY0-601 - Dumpsbase 45
Drip
No ratings yet
UM MobileLGMV iOS Tablet
Document44 pages
UM MobileLGMV iOS Tablet
asperfud
No ratings yet
Fortigate Firewall Interview Questions and Answers
Document7 pages
Fortigate Firewall Interview Questions and Answers
Mohamed Ibrahim
No ratings yet
"House Price Prediction": Internship Project Report On
Document34 pages
"House Price Prediction": Internship Project Report On
Junior Sampreet
No ratings yet
Python Data Visualization: 2019 Tools and Trends
Document22 pages
Python Data Visualization: 2019 Tools and Trends
Aditya Mishra
No ratings yet
Fortinet Teleworker Solution
Document54 pages
Fortinet Teleworker Solution
greenpeacerom
No ratings yet
Fortigate - VM System Guide 40 mr2 PDF
Document20 pages
Fortigate - VM System Guide 40 mr2 PDF
evaldas9
No ratings yet
FortiOS-7 0 0-Best - Practices
Document34 pages
FortiOS-7 0 0-Best - Practices
Luis Gonzalez
No ratings yet
Column - Pile Design PDF
Document3 pages
Column - Pile Design PDF
Priodeep Chowdhury
No ratings yet
FortiOS-7 0 0-Best - Practices
Document30 pages
FortiOS-7 0 0-Best - Practices
vedant ved
No ratings yet
Information Security SOP
Document15 pages
Information Security SOP
Haemlet
100% (1)
SB Securing Industrial Control Systems With Fortinet
Document8 pages
SB Securing Industrial Control Systems With Fortinet
Diogo Novais
No ratings yet
LAB 6 - Certificate Operations PDF
Document16 pages
LAB 6 - Certificate Operations PDF
kaleab
No ratings yet
Fortinet Ecosystem Overview
Document68 pages
Fortinet Ecosystem Overview
Poncho
No ratings yet
Checkpoint Interview Questions: Click Here
Document29 pages
Checkpoint Interview Questions: Click Here
aayisha banu
No ratings yet
CERT-In Vulnerability Notes - Google Chrome
Document2 pages
CERT-In Vulnerability Notes - Google Chrome
bimaf19491
No ratings yet
Fortirecon V22.2.a Release Notes
Document8 pages
Fortirecon V22.2.a Release Notes
Tiago Pe
No ratings yet
CERT-In Vulnerability Notes in Outlook
Document1 page
CERT-In Vulnerability Notes in Outlook
binefa8329
No ratings yet
Declaration of Cyber Advisory
Document5 pages
Declaration of Cyber Advisory
deeptanwar1997
No ratings yet
Fortinet Forticlient and Symantec Endpoint Protection: Deployment Guide
Document8 pages
Fortinet Forticlient and Symantec Endpoint Protection: Deployment Guide
arry
No ratings yet
Register Unregister Proventia G Appliance
Document2 pages
Register Unregister Proventia G Appliance
SaravanaKumar Arumugam
No ratings yet
Forticlient Quickstart
Document2 pages
Forticlient Quickstart
abccolin
No ratings yet
007-007474-005 Pse Installation Guide Rev-A
Document19 pages
007-007474-005 Pse Installation Guide Rev-A
badivot730
No ratings yet
IDEMIA Security Bulletin - April 2022
Document2 pages
IDEMIA Security Bulletin - April 2022
WERMER MORA
No ratings yet
Ics-Cert Advisory: Icsa-10-214-01 - Vxworks Vulnerabilities
Document5 pages
Ics-Cert Advisory: Icsa-10-214-01 - Vxworks Vulnerabilities
osisyn
No ratings yet
FortiToken 2FA Solutions Guide
Document13 pages
FortiToken 2FA Solutions Guide
abaheabaheabahe
No ratings yet
CompTIA Net Sec Questions - by - .Heery - .154q
Document77 pages
CompTIA Net Sec Questions - by - .Heery - .154q
Sarah Ntim
No ratings yet
Fortigate CC Tech Note
Document34 pages
Fortigate CC Tech Note
Anonymous JtFc6nKN
No ratings yet
In The Wake of Solarwinds Compromise
Document10 pages
In The Wake of Solarwinds Compromise
alfred.x.andrews
No ratings yet
FortiGate Deployment Guide - Microsoft Entra ID - Microsoft Learn
Document13 pages
FortiGate Deployment Guide - Microsoft Entra ID - Microsoft Learn
teinveniam
No ratings yet
FortiOS-7 0 0-Best - Practices
Document30 pages
FortiOS-7 0 0-Best - Practices
Joan
No ratings yet
FortiEDR Fabric Integration Guide Rev2
Document15 pages
FortiEDR Fabric Integration Guide Rev2
guesiero
No ratings yet
Fortinet Virutal Lab Guide
Document4 pages
Fortinet Virutal Lab Guide
pbougoin
No ratings yet
Fortinet and Vyatta: Deployment Guide
Document6 pages
Fortinet and Vyatta: Deployment Guide
Vincent Shen
No ratings yet
FortiClient v5.2.0 Windows Release Notes
Document19 pages
FortiClient v5.2.0 Windows Release Notes
nexroth
No ratings yet
Fortios™ Handbook: Managing Devices For Fortios 5.0
Document27 pages
Fortios™ Handbook: Managing Devices For Fortios 5.0
paulo_an7381
No ratings yet
CERT-In Vulnerability Notes-0025
Document2 pages
CERT-In Vulnerability Notes-0025
vincy salam
No ratings yet
Fortinet Fortigate and Nozomi Networks Guardian: Deployment Guide
Document11 pages
Fortinet Fortigate and Nozomi Networks Guardian: Deployment Guide
Com Digful
No ratings yet
sk10034 - Failed To Install Policy On Module
Document3 pages
sk10034 - Failed To Install Policy On Module
Alexander Sarpa
No ratings yet
Cisco Small Business Routers Vulnerable To Authentication Bypass and Remote Code Execution
Document5 pages
Cisco Small Business Routers Vulnerable To Authentication Bypass and Remote Code Execution
spamkuakua
No ratings yet
Attack Vectors Fortinet
Document5 pages
Attack Vectors Fortinet
Christian Silva
No ratings yet
Nse 3.2
Document5 pages
Nse 3.2
Isnardo Lopez
No ratings yet
AlienVault Displaying Security Events From An External AlienVault Database
Document9 pages
AlienVault Displaying Security Events From An External AlienVault Database
paulohrodrigues
No ratings yet
SB Security Automation
Document3 pages
SB Security Automation
Sir GembuL
No ratings yet
Quiz - Endpoint Monitoring - Attempt Review
Document2 pages
Quiz - Endpoint Monitoring - Attempt Review
yurilima.ti2
No ratings yet
Fortinet Forticlient Local Privilege Escalation
Document8 pages
Fortinet Forticlient Local Privilege Escalation
Leire Meiga
No ratings yet
Final Piccotti-Fanny
Document7 pages
Final Piccotti-Fanny
api-367106337
No ratings yet
SB Application Control Secures Industrial
Document3 pages
SB Application Control Secures Industrial
guesiero
No ratings yet
CERT-In Advisory - 9 - Aug
Document3 pages
CERT-In Advisory - 9 - Aug
Cdrprojectgwl Gwalior
No ratings yet
BlockSec pufETH v1
Document11 pages
BlockSec pufETH v1
mamakyatik064
No ratings yet
Fortinet Presentation 2013
Document28 pages
Fortinet Presentation 2013
cikgufatah
No ratings yet
Technical Note: Fortinet Server Authentication Extension
Document26 pages
Technical Note: Fortinet Server Authentication Extension
regabri
No ratings yet
Fortinetnointernet PDF
Document4 pages
Fortinetnointernet PDF
sanky08
No ratings yet
Fortigate FIPS Mode
Document30 pages
Fortigate FIPS Mode
Yahya Lateef
No ratings yet
Simplifying Operations With The Fortinet Security Fabric and FortiAnalyzer
Document4 pages
Simplifying Operations With The Fortinet Security Fabric and FortiAnalyzer
tola02000
No ratings yet
FortiOS-6.2.2-New Features Guide
Document70 pages
FortiOS-6.2.2-New Features Guide
edjobul
No ratings yet
Certik Audit Report For Itamtoken: Request Date: 2019-07-12 Revision Date: 2019-07-24 Platform Name: Ethereum
Document67 pages
Certik Audit Report For Itamtoken: Request Date: 2019-07-12 Revision Date: 2019-07-24 Platform Name: Ethereum
Lovelia Viloria Agor
No ratings yet
Sec Your Embed Sys Life Cycle
Document5 pages
Sec Your Embed Sys Life Cycle
Ibrahim qashta
No ratings yet
Basic Setup of FortiGate Firewall
From Everand
Basic Setup of FortiGate Firewall
Dr. Hidaia Mahmood Alassoulii
No ratings yet
Regression in Geoda: Briggs Henan University 2010 1
Document37 pages
Regression in Geoda: Briggs Henan University 2010 1
kimhoa
No ratings yet
Kasan-Lesson Plan
Document8 pages
Kasan-Lesson Plan
Norain Kasan
No ratings yet
Lenovo Case Study
Document1 page
Lenovo Case Study
Valeria Mihaliov
100% (1)
Alcatel Omnipcx Enterprise: Personal Code
Document12 pages
Alcatel Omnipcx Enterprise: Personal Code
Ariel Becerra
No ratings yet
Cara Aktivasi Nero Burning ROM 2014
Document1 page
Cara Aktivasi Nero Burning ROM 2014
tamamsampang
No ratings yet
Casefour
Document4 pages
Casefour
api-247540303
No ratings yet
Chapter 1 Review Questions
Document8 pages
Chapter 1 Review Questions
nilkar08
0% (1)
Ses11 Fstream
Document107 pages
Ses11 Fstream
Quang Phạm Văn
No ratings yet
Report
Document57 pages
Report
Nehul Patil
No ratings yet
Wachemo University College of Natural and Computational Sciences Department of Mathematics
Document2 pages
Wachemo University College of Natural and Computational Sciences Department of Mathematics
Simon abebaw
No ratings yet
Technology
Document11 pages
Technology
Aziel
No ratings yet
Draft - Master Direction On Outsourcing of Information Technology (IT) Services
Document23 pages
Draft - Master Direction On Outsourcing of Information Technology (IT) Services
Ashok Jalagam
No ratings yet
IT Maintenance
Document10 pages
IT Maintenance
cmitsolutions.usa
No ratings yet
KPRIT-IIRS Online Course On Hydrological Modeling - 83course
Document2 pages
KPRIT-IIRS Online Course On Hydrological Modeling - 83course
praneeth kuchimanchi
No ratings yet
Life and Letters of F Max Muller I PDF
Document549 pages
Life and Letters of F Max Muller I PDF
AWHOF
No ratings yet
SW-Manual of T9
Document71 pages
SW-Manual of T9
Bryan Pepito
No ratings yet
Renee Wu: Relevant Courses
Document1 page
Renee Wu: Relevant Courses
api-644857202
No ratings yet
EADK Architecture Guide
Document31 pages
EADK Architecture Guide
Ultraziking
No ratings yet
GA PCE06 EasyConfigSoftware E
Document28 pages
GA PCE06 EasyConfigSoftware E
aathif
No ratings yet
Cross Chain Communication
Document14 pages
Cross Chain Communication
Hasan Al-Abadi
No ratings yet
Ekip Signalling Modbus TCP: Installation and Operation Instructions
Document34 pages
Ekip Signalling Modbus TCP: Installation and Operation Instructions
edinson villanueva santisteban
No ratings yet
Wipro Futureskill Final Assessment Slot
Document2 pages
Wipro Futureskill Final Assessment Slot
Yash rai
No ratings yet
Online Store Using e Commerce and Database Design and Implementation IJERTV9IS100168
Document9 pages
Online Store Using e Commerce and Database Design and Implementation IJERTV9IS100168
jelyntabuena977
No ratings yet
Q1. What Are The Things You Need To Consider in Choosing An Operating System?
Document2 pages
Q1. What Are The Things You Need To Consider in Choosing An Operating System?
Trisha Caisip
No ratings yet