Zero-day Exploit in Fortra GoAnywhere MFT
A zero-day vulnerability in Fortra’s GoAnywhere MFT managed file transfer application is being actively exploited in the wild.
Brian Krebs was the first to report details of the flaw, but Fortra has not published a public advisory.
The vulnerability is a remote code injection that requires access to the administrative console of the application, making it imperative that the systems are not exposed to the public internet.
According to the researcher, over 1,000 on-premise instances are publicly accessible over the internet.
GoAnywhere MFT customers should review all administrative users and monitor for unrecognized usernames, especially those created by the system. Threat actors can also exploit reused, weak, or default credentials to obtain administrative access to the console.
There is no patch currently available for the zero-day vulnerability, although Fortra has released workarounds that involve removing the “License Response Servlet” configuration from the web.xml file.
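A check that the workaround has taken effect, added here as an example and not Fortra's own tooling: it parses a web.xml and reports any active servlet or servlet-mapping entry still named "License Response Servlet". The sample XML, including its class name and URL pattern, is a constructed placeholder, and commenting the entries out is assumed as one way of removing them.

```python
import sys
import xml.etree.ElementTree as ET

TARGET = "License Response Servlet"  # servlet name quoted in the workaround

# Constructed sample: class name and URL pattern are placeholders, not Fortra's.
SAMPLE_UNMITIGATED = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <servlet>
    <servlet-name>License Response Servlet</servlet-name>
    <servlet-class>example.PlaceholderServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>License Response Servlet</servlet-name>
    <url-pattern>/placeholder/path</url-pattern>
  </servlet-mapping>
</web-app>"""

# Constructed sample: the same entries commented out (assumed removal method).
SAMPLE_MITIGATED = (SAMPLE_UNMITIGATED
                    .replace("<servlet>", "<!-- <servlet>")
                    .replace("</servlet>", "</servlet> -->")
                    .replace("<servlet-mapping>", "<!-- <servlet-mapping>")
                    .replace("</servlet-mapping>", "</servlet-mapping> -->"))

def _local(tag):
    """Drop a namespace prefix such as '{http://...}servlet'."""
    return tag.rsplit("}", 1)[-1]

def find_license_servlet(web_xml):
    """Return active servlet / servlet-mapping entries that name TARGET.

    The parser discards XML comments, so commented-out entries are not reported.
    """
    hits = []
    for elem in ET.fromstring(web_xml).iter():
        kind = _local(elem.tag)
        if kind not in ("servlet", "servlet-mapping"):
            continue
        # Collapse whitespace so a reflowed name still matches.
        fields = {_local(c.tag): " ".join((c.text or "").split()) for c in elem}
        if fields.get("servlet-name", "").casefold() == TARGET.casefold():
            detail = fields.get("servlet-class") or fields.get("url-pattern", "")
            hits.append((kind, detail))
    return hits

if __name__ == "__main__":
    # Pass the path to a web.xml, or run with no argument to see the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_UNMITIGATED
    found = find_license_servlet(data)
    for kind, detail in found:
        print(f"STILL ACTIVE: <{kind}> {detail}")
    sys.exit(1 if found else 0)
```

The script exits non-zero while either entry is still active, so it can gate a configuration audit job.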