20240124002 - GoAnywhere Advisory

docs/advisories/20240123002-GoAnywhere-MFT-bypass-vulnerability.md

@@ -0,0 +1,29 @@
+# Frontra GoAnywhere MFT Authentication Bypass Vulnerability - 20240124002
+
+## Overview
+
+Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
+
+## What is the vulnerability?
+
+| CVE                                                                             | Severity     | CVSS |
+| ------------------------------------------------------------------------------- | ------------ | ---- |
+| [CVE-2023-0204](https://nvd.nist.gov/vuln/detail/CVE-2024-0204) | **Critical**     | 9.8  |
+
+## What is vulnerable?
+
+| Product(s) Affected                        | Vendor Advisory                                      |
+| ------------------------------------------ | ---------------------------------------------------- |
+| Fortra GoAnywhere MFT 6.x from 6.0.1              | [fi-2024-001](https://www.fortra.com/security/advisory/fi-2024-001) |
+| Fortra GoAnywhere MFT 7.x before 7.4.1              | [fi-2024-001](https://www.fortra.com/security/advisory/fi-2024-001) |
+
+
+## What has been observed?
+
+There is no evidence of vulnerable versions of GoAnywhere affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+Upgrade to version 7.4.1 or higher. The vulnerability may also be eliminated in non-container deployments by deleting the InitialAccountSetup.xhtml file in the install directory and restarting the services. For container-deployed instances, replace the file with an empty file and restart. For additional information: https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md))