A
zero-day
vulnerability
affecting
Fortra’s
GoAnywhere
MFT
managed
file
transfer
application
is
being
actively
exploited
in
the
wild.
Details
of
the
flaw
were
first
publicly
shared
by
security
reporter
Brian
Krebs
on
Mastodon.
No
public
advisory
has
been
published
by
Fortra.
The
vulnerability
is
a
case
of
remote
code
injection
that
requires
access
to
the
administrative
console
of
the
application,
making
it
imperative
that
the
systems
are
not
exposed
to
the
public
internet.
According
to
security
researcher
Kevin
Beaumont,
there
are
over
1,000
on-premise
instances
that
are
publicly
accessible
over
the
internet,
a
majority
of
which
are
located
in
the
U.S.
“The
Fortra
advisory
Krebs
quoted
advises
GoAnywhere
MFT
customers
to
review
all
administrative
users
and
monitor
for
unrecognized
usernames,
especially
those
created
by
system,”
Rapid7
researcher
Caitlin
Condon
said.
“The
logical
deduction
is
that
Fortra
is
likely
seeing
follow-on
attacker
behavior
that
includes
the
creation
of
new
administrative
or
other
users
to
take
over
or
maintain
persistence
on
vulnerable
target
systems.”
Alternatively,
the
cybersecurity
company
said
it’s
possible
for
threat
actors
to
exploit
reused,
weak,
or
default
credentials
to
obtain
administrative
access
to
the
console.
There
is
no
patch
currently
available
for
the
zero-day
vulnerability,
although
Fortra
has
released
workarounds
to
remove
the
“License
Response
Servlet”
configuration
from
the
web.xml
file.
Vulnerabilities
in
file
transfer
solutions
have
become
appealing
targets
for
threat
actors,
what
with
flaws
in
Accellion
and
FileZen
weaponized
for
data
theft
and
extortion.
this
article
interesting?
Follow
us
on
and
to
read
more
exclusive
content
we
post.
About Author
