From 7cb33f9efe28605d377f00060afb9638f13cfb7c Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Wed, 24 Jan 2024 19:15:27 +0800 Subject: [PATCH] Create GoAnywhere_MFT_InitialAccountSetup.xhtml_Bypass_Vulnerability_(CVE-2024-0204).md --- ...up.xhtml_Bypass_Vulnerability_(CVE-2024-0204).md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 GoAnywhere_MFT_InitialAccountSetup.xhtml_Bypass_Vulnerability_(CVE-2024-0204).md diff --git a/GoAnywhere_MFT_InitialAccountSetup.xhtml_Bypass_Vulnerability_(CVE-2024-0204).md b/GoAnywhere_MFT_InitialAccountSetup.xhtml_Bypass_Vulnerability_(CVE-2024-0204).md new file mode 100644 index 0000000..c95cee9 --- /dev/null +++ b/GoAnywhere_MFT_InitialAccountSetup.xhtml_Bypass_Vulnerability_(CVE-2024-0204).md 
@@ -0,0 +1,13 @@ + +## GoAnywhere MFT InitialAccountSetup.xhtml Bypass Vulnerability (CVE-2024-0204) + +| **Vulnerability** | GoAnywhere MFT InitialAccountSetup.xhtml Bypass Vulnerability (CVE-2024-0204) | +| :----: | :-----| +| **Chinese name** | GoAnywhere MFT InitialAccountSetup.xhtml 绕过漏洞(CVE-2024-0204) | +| **CVSS core** | 9.8 | +| **FOFA Query** (click to view the results directly)| [app="GoAnywhere-MFT"](https://en.fofa.info/result?qbase64=dGl0bGU9IkdvQW55d2hlcmUiIHx8IGhlYWRlcj0iL2dvYW55d2hlcmUiIHx8IGJhbm5lcj0iL2dvYW55d2hlcmUi)| +| **Number of assets affected** | 4468 | +| **Description** | GoAnywhere MFT (Managed File Transfer) is an enterprise-class file transfer solution provided by HelpSystems, designed to meet the needs of organizations for secure, manageable and automated file transfer.Authentication bypass vulnerability in GoAnywhere MFT before Fortra version 7.4.1. Allows unauthorized users to pretend to be administrators through the management portal, create arbitrary management users, and take over the entire system. | +| **Impact** | Authentication bypass vulnerability in GoAnywhere MFT before Fortra version 7.4.1. Allows unauthorized users to pretend to be administrators through the management portal, create arbitrary management users, and take over the entire system. | + +![](https://s3.bmp.ovh/imgs/2024/01/24/fed22927c8fb9a5f.gif).
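Review bot: In the "FOFA Query" row, the link text `app="GoAnywhere-MFT"` does not match the query the URL carries: the `qbase64` value decodes to `title="GoAnywhere" || header="/goanywhere" || banner="/goanywhere"`, so a reader cannot tell which expression produced the "Number of assets affected" figure of 4468. Make the label and the encoded query the same expression. Smaller points in the same table: "CVSS core" should read "CVSS score"; the Description row repeats the Impact row's text verbatim and is missing a space after "file transfer."; the vendor is named HelpSystems in one sentence and Fortra in the next; and the image line ends with a stray "." after the closing parenthesis. The entry gives the affected range ("before Fortra version 7.4.1") but has no remediation row; adding one that points readers to 7.4.1 or later would make the advisory usable for defenders triaging exposed instances.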