Recently, Fortra released a security advisory for CVE-2024-0204, a GoAnywhere MFT authentication bypass vulnerability. This bug allows an unauthenticated attacker to create an administrative user by exploiting an InitialAccountSetup.xhtml endpoint–accessible via path traversal–to initiate the administrative account setup page. This vulnerability has a CVSS score of 9.8 and is remotely exploitable.
In one day, Imperva Threat Research observed over 15,000 requests to hundreds of sites, predominantly in the Financial Services industry. Attackers leveraged the public proof-of-concept (PoC) using automated tools written in the Go programming language.
Imperva customers are defended against CVE-2024-0204. Imperva Cloud WAF and WAF Gateway customers who have enabled and configured their Emergency Feed (THR) components are already protected out of the box. On-Prem customers will need to enable the signatures manually. Even with protection, we urge our customers to remain vigilant and update their systems with the latest security patches.
Try Imperva for Free
Protect your business for 30 days on Imperva.
