PoC for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Proof-of-concept exploit code for a critical vulnerability in Fortra's GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it.
CVE-2024-0204 was privately reported by Mohammed Eldeeb and Islam Elrfai of Spark Engineering Consultants in early December 2023, and Fortra's GoAnywhere MFT customers got an advance warning with instructions on how to remediate the vulnerability.
On Monday, January 22, Fortra finally released a publicly accessible security advisory documenting the existence of the vulnerability, now officially identified via a CVE number.
Ai researchers published a technical analysis of the vulnerability and a PoC script that exploits CVE-2024-0204 to add an administrative user to a vulnerable Fortra GoAnywhere MFT installation.
The Shodan search engine currently sees 1,800+ internet-exposed Fortra GoAnywhere MFT admin portals.
While the hope is that affected customers have already upgraded their installations, organizations have historically been slow to patch GoAnywhere MFT even when a vulnerability was under active exploitation for months.
News URL
https://www.helpnetsecurity.com/2024/01/24/poc-cve-2024-0204/
Related news
- Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)
- FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- CVE fallout: The splintering of the standard vulnerability tracking system has begun (source)
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-22 | CVE-2024-0204 | Forced Browsing vulnerability in Fortra GoAnywhere Managed File Transfer: Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. | 9.8 |