Recently, a zero-day vulnerability was discovered in the GoAnywhere managed file transfer software, and news of active exploitation has been reported. Fortra, formerly known as HelpSystems, released two security notifications with mitigations and indicators of compromise. They have now released a patch for the vulnerability and are urging users to install GoAnywhere MFT 7.1.2 as soon as possible, especially if their admin portal is exposed to the internet. There is no information available about the attacks, and no CVE identifier has been assigned to the flaw. Users have been told to check log files for a particular line that indicates a system has been targeted in an attack. If signs of compromise are found, users should check their installation for suspicious administrator users. A proof-of-concept exploit and technical details have been published by a researcher. A Shodan search shows nearly 1,000 internet-exposed instances of GoAnywhere, but the vendor has stated that exploitation requires access to the application's admin console, and some of the exposed instances appear to be associated with the product's web client interface, which is not affected.
This Cyber News was published on www.securityweek.com. Publication date: Tue, 07 Feb 2023 15:23:03 +0000