Security Snippets: Fortra GoAnywhere file transfer tool vulnerability discovered

Vulnerabilities in enterprise file transfer solutions can lead to elevated risk.

Now would be a good time to check your organization’s managed file transfer service.

A new vulnerability in Fortra’s GoAnywhere managed file transfer service could allow unauthorized users to create administrative users through the administration portal. The issue is deemed critical: NIST gave it a base score of 9.8 out of 10.

Notably, this particular product was previously targeted by the same threat actor group that targeted MOVEit a few months ago. Vulnerabilities in file transfer systems can allow bad actors to access a wide array of potentially sensitive documents, as illustrated by the MOVEit campaign. The attackers in that instance exploited another access-based vulnerability in MOVEit, also rated 9.8 out of 10, to steal sensitive information from over 2,700 organizations and 90 million individuals, which led to multimillion-dollar ransoms and ongoing litigation. Before MOVEit, the same threat actors appear to have been involved in exploiting a vulnerability in GoAnywhere, suggesting the possibility that the group may target this vulnerability as well.

Fortra discovered the vulnerability in its GoAnywhere managed file transfer service in early December 2023 and released patches soon after. On January 22, 2024, Fortra disclosed the vulnerability and advised users to fix it by upgrading the GoAnywhere product to version 7.4.1 or higher.

For users who cannot upgrade to the latest version yet, Fortra explained that the vulnerability can also be eliminated without upgrading. In non-container deployments, delete the InitialAccountSetup.xhtml file in the install directory and restart the services. In container deployments, replace the file with an empty file and restart the services.
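As an added example (not from Fortra or the original article), the shell functions below check a host against the two remediation paths described above: upgraded to 7.4.1 or higher, or workaround applied. The version string and install directory are operator-supplied assumptions. Because the article does not say where the file sits inside the install directory, the whole tree is searched by name. The script cannot confirm that the services were restarted.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: the operator passes the
# installed version and the install directory; sort -V is available.
FIXED_VERSION="7.4.1"
SETUP_PAGE="InitialAccountSetup.xhtml"

# version_is_fixed VERSION: succeeds when VERSION is 7.4.1 or higher.
version_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$FIXED_VERSION" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VERSION" ]
}

# workaround_state INSTALL_DIR prints:
#   absent   no copy of the file exists (non-container workaround)
#   empty    every copy is zero bytes (container workaround)
#   present  at least one non-empty copy remains
workaround_state() {
    found=$(find "$1" -type f -name "$SETUP_PAGE" 2>/dev/null)
    if [ -z "$found" ]; then echo absent; return 0; fi
    nonempty=$(find "$1" -type f -name "$SETUP_PAGE" -size +0c 2>/dev/null)
    if [ -z "$nonempty" ]; then echo empty; else echo present; fi
}

# audit VERSION INSTALL_DIR: prints a verdict; fails only when the host is
# below the fixed version and a non-empty setup page is still on disk.
audit() {
    if version_is_fixed "$1"; then
        echo "OK: version $1 is at or above $FIXED_VERSION"
        return 0
    fi
    state=$(workaround_state "$2")
    case "$state" in
        absent|empty)
            echo "MITIGATED: version $1, $SETUP_PAGE is $state"
            return 0 ;;
        *)
            echo "ACTION NEEDED: version $1, $SETUP_PAGE is $state"
            return 1 ;;
    esac
}
```

Call it as audit followed by the installed version and the install directory; a non-zero exit means neither the upgrade nor the workaround is in place.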

 

Authored by Nathan Salminen and Soojin Jeong
