Fortra Patches Critical Authentication Bypass Vulnerability in GoAnywhere MFT (CVE-2024-0204)

On January 22, Fortra published an advisory for a critical vulnerability in its GoAnywhere Managed File Transfer (MFT) software:

• CVE-2024-0204

The vulnerability was patched in early December 2023, though an official advisory was not published until January 22.

A year ago, a zero-day vulnerability in GoAnywhere MFT was exploited by the Cl0p ransomware group in attacks conducted between January 28 through January 30, leading to the theft of stolen data from “over 130 organizations.” 

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.