CVE-2024-0204: Authentication Bypass in GoAnywhere MFT
9.8
CVSS
Description
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Classification
CVE ID: CVE-2024-0204
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
Vendor: Fortra
Product: GoAnywhere MFT
Nuclei Template
http/cves/2024/CVE-2024-0204.yaml
Exploit Prediction Scoring System (EPSS)
EPSS Score: 64.5% (probability of being exploited)
EPSS Percentile: 98.12% (scored less or equal to compared to others)
EPSS Date: 2025-03-14 (when was this score calculated)
References
https://www.fortra.com/security/advisory/fi-2024-001https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html
http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html