Lucene search

K
nvdDf4dee71-de3a-4139-9588-11b62fe6c0ffNVD:CVE-2024-0204
HistoryJan 22, 2024 - 6:15 p.m.

CVE-2024-0204

2024-01-2218:15:20
CWE-425
df4dee71-de3a-4139-9588-11b62fe6c0ff
web.nvd.nist.gov
5
cve-2024-0204
fortra's goanywhere mft
authentication bypass
unauthorized user
admin user creation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.651

Percentile

98.0%

Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

Affected configurations

Nvd
Node
fortragoanywhere_managed_file_transferRange7.0.07.4.1
OR
fortragoanywhere_managed_file_transferMatch6.0.0
VendorProductVersionCPE
fortragoanywhere_managed_file_transfer*cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
fortragoanywhere_managed_file_transfer6.0.0cpe:2.3:a:fortra:goanywhere_managed_file_transfer:6.0.0:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.651

Percentile

98.0%