CVE-2024-9945
📋 TL;DR
An information disclosure vulnerability in Fortra's GoAnywhere MFT allows external attackers to access sensitive admin root folder resources without authentication. This affects organizations using GoAnywhere MFT versions before 7.7.0 for secure file transfers.
💻 Affected Systems
- Fortra GoAnywhere MFT
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive configuration files, credentials, or administrative data leading to complete system compromise and data exfiltration.
Likely Case
Unauthorized access to sensitive administrative files and configuration data, potentially exposing credentials and system information.
If Mitigated
Limited exposure if proper network segmentation and access controls are implemented, but still presents information disclosure risk.
🎯 Exploit Status
The vulnerability allows external access, suggesting relatively simple exploitation paths.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.7.0
Vendor Advisory: https://www.fortra.com/security/advisories/product-security/fi-2024-014
Restart Required: Yes
Instructions:
1. Download GoAnywhere MFT version 7.7.0 from the Fortra support portal.
2. Back up the current configuration and data.
3. Stop the GoAnywhere services.
4. Install the update following the vendor documentation.
5. Restart the services and verify functionality.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to GoAnywhere MFT admin interfaces using firewall rules
Admin Folder Access Controls
Implement additional file system permissions on admin root folders
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit access to GoAnywhere MFT
- Monitor admin folder access logs for suspicious activity and implement additional authentication layers
🔍 How to Verify
Check if Vulnerable:
Check GoAnywhere MFT version in admin interface or via system properties; versions below 7.7.0 are vulnerable.
Check Version:
Check version in GoAnywhere admin web interface or consult installation documentation for version verification methods.
Verify Fix Applied:
Verify version shows 7.7.0 or higher in admin interface and test that external access to admin folders is properly restricted.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to admin folders
- Unusual file access patterns in admin directories
Network Indicators:
- External IP addresses accessing admin endpoints
- Unusual traffic patterns to admin interfaces
SIEM Query:
source="goanywhere" AND ((event_type="file_access" AND path="*admin*") OR http_request="*admin*")