September 30, 2023

A zero-day vulnerability in Fortra’s GoAnywhere MFT managed file transfer application is being actively exploited in the wild.

Brian Krebs detailed out first about the flaw . But no public advisory has been published by Fortra.

The vulnerability is a remote code injection that requires access to the administrative console of the application, making it imperative that the systems are not exposed to the public internet.

Advertisements

As per the researcher, there are over 1,000 on-premise instances that are publicly accessible over the internet.

GoAnywhere MFT customers to review all administrative users and monitor for unrecognized usernames, especially those created by the system. It’s also possible for threat actors to exploit reused, weak, or default credentials to obtain administrative access to the console.

There is no patch currently available for the zero-day vulnerability, although Fortra has released workarounds to remove the “License Response Servlet” configuration from the web.xml file.

Tags:

Leave a Reply

You may have missed

Progress issues Patches for Critical WS_FTP Flaws

September 29, 2023

NIST Releases SP 800-82r3 guide for OT

September 29, 2023

Cisco Semi-annual Security Advisory Summary

September 29, 2023

BlackTech Havoc’s Organizations with Cisco Router Bug

September 29, 2023

Google fixes fifth Zeroday bug in Chrome

September 28, 2023

OpenSea NFT suffers a Breach

September 28, 2023
%d bloggers like this: