Lucene search

K
cveFortraCVE-2024-0204
HistoryJan 22, 2024 - 6:15 p.m.

CVE-2024-0204

2024-01-2218:15:20
CWE-425
Fortra
web.nvd.nist.gov
87
153
cve-2024-0204
authentication bypass
fortra's goanywhere mft
nvd
security vulnerability
admin user creation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.651

Percentile

98.0%

Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

Affected configurations

Nvd
Node
fortragoanywhere_managed_file_transferRange7.0.07.4.1
OR
fortragoanywhere_managed_file_transferMatch6.0.0
VendorProductVersionCPE
fortragoanywhere_managed_file_transfer*cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
fortragoanywhere_managed_file_transfer6.0.0cpe:2.3:a:fortra:goanywhere_managed_file_transfer:6.0.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "GoAnywhere MFT",
    "vendor": "Fortra",
    "versions": [
      {
        "lessThan": "7.4.1",
        "status": "affected",
        "version": "6.0.1",
        "versionType": "semver"
      }
    ]
  }
]

Social References

More

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.651

Percentile

98.0%