module
Fortra GoAnywhere MFT Unauthenticated Remote Code Execution
| Disclosed |
|---|
| Jan 22, 2024 |
Disclosed
Jan 22, 2024
Description
This module exploits a vulnerability in Fortra GoAnywhere MFT that allows an unauthenticated attacker to
create a new administrator account. This can be leveraged to upload a JSP payload and achieve RCE. GoAnywhere
MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are vulnerable.
create a new administrator account. This can be leveraged to upload a JSP payload and achieve RCE. GoAnywhere
MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are vulnerable.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.