Proof-of-concept (PoC) code targeting a critical vulnerability in Fortra’s GoAnywhere MFT (managed file transfer) product was published one day after the vendor’s advisory came out. The issue, tracked as CVE-2024-0204, is described as an authentication bypass flaw that could allow an unauthenticated attacker to create an administrator user for the application, via the administration portal. Fortra released patches for the bug on December 7 and published an advisory on January 22, urging customers to update their GoAnywhere MFT instances to version 7.4.1 or higher. On January 23, one day after the public advisory, penetration testing firm Horizon3.ai published a technical writeup on the bug’s possible root cause and announced the availability of PoC code.
Read more: https://www.securityweek.com/poc-code-published-for-just-disclosed-fortra-goanywhere-vulnerability/