A security researcher has published proof-of-concept code for a GoAnywhere MFT vulnerability that lets anyone reach a vulnerable GoAnywhere system without any authentication.
Since a web scan revealed over 1,000 GoAnywhere MFT instances exposed online, researchers are urging system administrators to apply the available mitigation measures as soon as possible to avoid compromise. Fortra, the GoAnywhere vendor, has yet to acknowledge the issue or release a patch for it.
Exploit the GoAnywhere MFT
GoAnywhere MFT is a web-based managed file transfer tool that organizations use to share files securely with their partners and to keep audit logs of who has accessed the shared files. As it is an important tool in the daily business of several firms, any vulnerability spotted in it should be addressed immediately.
But the maker, Fortra, has yet to acknowledge a bug in GoAnywhere MFT that may let an unauthenticated attacker access the system remotely and exploit it. Fortra is also the developer of Cobalt Strike, a tool widely abused in hacking incidents.
On Monday, security researcher Florian Hauser of Code White released proof-of-concept code for exploiting GoAnywhere MFT remotely. Though the vendor says the initial vector requires access to the application's administrative console, plenty of those consoles are exposed to the public without many restrictions.
Well done @frycos , such a sweet pre-auth RCE! https://t.co/JRE9DcXOGb pic.twitter.com/cJlvEmL2Km — ϻг_ϻε (@steventseeley) February 4, 2023