GoAnywhere MFT Zero-Day: New Exploit Code Released

A new GoAnywhere MFT zero-day vulnerability has been discovered and is being actively exploited. Exploit code has been released that could compromise the security of Internet-exposed GoAnywhere MFT administrator consoles. GoAnywhere MFT is a web-based managed file transfer tool that organizations use to exchange files with partners and keep sensitive data protected. In this blog post, we will discuss the details of the new zero-day exploit code and how to protect against it.

What is GoAnywhere MFT?

GoAnywhere MFT is a web-based managed file transfer (MFT) tool used by organizations to transfer files and data with partners securely. The product moves files over the internet, internally across corporate networks, and through different cloud storage services. GoAnywhere MFT also helps organizations meet compliance standards by allowing them to encrypt and digitally sign files before sending them.

It also provides administrators with detailed logging and tracking capabilities to monitor file transfers. Additionally, the software has built-in security measures such as two-factor authentication and the ability to restrict access to certain features based on user roles.

GoAnywhere MFT is designed to provide organizations with the security they need while allowing them to collaborate with partners in a secure environment.

What is the zero-day vulnerability?

The zero-day vulnerability affecting GoAnywhere MFT is a remote code execution (RCE) bug. This allows malicious attackers to gain access to the administrator console of GoAnywhere MFT, potentially giving them full access to the server and the ability to execute arbitrary code. This can lead to data theft, destruction, and other malicious activities.

The exploit was made public on January 18, 2021, and affects all versions of GoAnywhere MFT. It is unknown how long this vulnerability has been active and how many systems have been compromised. However, it is likely that many systems have already been affected.

Fortunately, fixes are available for the exploit. It is recommended that users update their GoAnywhere MFT servers to the latest version as soon as possible to protect themselves from potential attacks.

How does the exploit work?

The exploit code allows attackers to take advantage of a zero-day vulnerability in GoAnywhere MFT’s web-based administration console. This vulnerability can be exploited by an attacker with no authentication or authorization, allowing them to gain access to the administrative console and potentially execute malicious commands.

The exploit involves sending a malicious HTTP request to the vulnerable endpoint of the console, which allows attackers to bypass authentication and authorization. Once past these checks, attackers can execute arbitrary commands on the server, allowing them to control the system completely.

The exploit code has been released publicly, meaning that any attacker with basic technical knowledge can access vulnerable systems. It is important to note that, to take full advantage of the exploit, an attacker must be able to reach the server's IP address and port.

Given the potential risks associated with this exploit, organizations are urged to update their GoAnywhere MFT version immediately. Additionally, organizations should ensure that their web-based administration consoles are only accessible from trusted IP addresses and ports.

What can you do to protect yourself?

To protect yourself and your organization from this zero-day vulnerability, it is essential to ensure that the version of GoAnywhere MFT being used is up to date. The latest version of GoAnywhere MFT, version 5.5.1, includes the security patch which fixes the vulnerability. Additionally, organizations should consider disabling public access to the GoAnywhere MFT administrator console and requiring multi-factor authentication for remote access.

Organizations should also stay up to date on any further developments related to this vulnerability and take appropriate action when necessary. Allowing attackers to take control of an internet-exposed administrator console can have disastrous consequences, so it is important to take all possible measures to secure your network.
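
One way to check that the trusted-address restriction recommended above is actually holding is to audit the access log of the listener that serves the administrator console for clients outside the allowlist. This is an added example, not code from the vendor or from this post; the trusted ranges, the Common Log Format input, the `/console/...` paths and every sample line are constructed assumptions.

```python
import ipaddress
import re

# Assumption: networks your administrators connect from (constructed values).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.16/28")]
# Common Log Format: client identity user [time] "request" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+')
# Constructed sample from the listener serving the admin console;
# the /console/... paths are placeholders, not the product's real URLs.
SAMPLE_LOG = """\
10.20.4.7 - admin [01/Mar/2024:09:12:01 +0000] "GET /console/login HTTP/1.1" 200 5120
203.0.113.45 - - [01/Mar/2024:09:14:37 +0000] "GET /console/login HTTP/1.1" 200 5120
203.0.113.45 - - [01/Mar/2024:09:14:39 +0000] "POST /console/login HTTP/1.1" 302 0
198.51.100.9 - - [01/Mar/2024:09:20:10 +0000] "GET /console/login HTTP/1.1" 403 199
192.0.2.20 - admin [01/Mar/2024:09:25:44 +0000] "GET /console/status HTTP/1.1" 200 812
not a log line
"""

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError if addr is not an IP
    return any(ip in net for net in TRUSTED_NETS)

def audit(log_text):
    """Return (findings, skipped); findings maps each untrusted client IP to counts."""
    findings, skipped = {}, 0
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            skipped += 1
            continue
        client, ts, status = m.groups()
        try:
            if is_trusted(client):
                continue
        except ValueError:  # client field is a hostname or garbage
            skipped += 1
            continue
        hit = findings.setdefault(client, {"requests": 0, "served": 0, "first_seen": ts})
        hit["requests"] += 1
        if status not in ("401", "403"):  # console answered instead of refusing
            hit["served"] += 1
    return findings, skipped

if __name__ == "__main__":
    findings, skipped = audit(SAMPLE_LOG)
    for ip, hit in sorted(findings.items()):
        state = "REACHED CONSOLE" if hit["served"] else "blocked"
        print(f"{ip}: {hit['requests']} requests, first {hit['first_seen']} -> {state}")
    print(f"{skipped} unparsable line(s) skipped")
```

Any client reported as having reached the console means the network restriction is not in effect for that source, and the host should be reviewed for compromise as well as locked down.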

Top GoAnywhere MFT FAQs

What is GoAnywhere MFT, and what does it do?

GoAnywhere MFT is a Managed File Transfer (MFT) solution that helps organizations securely transfer files and manage file transfers between different systems, people, and locations.

What are the key features of GoAnywhere MFT?

  • Secure file transfers (SFTP, FTPS, HTTPS, etc.)
  • Automated file transfers and workflows
  • Compliance and audit reporting
  • User authentication and access controls
  • Secure email and mobile file transfer options
  • Advanced data transformation and mapping capabilities
  • Customizable dashboards and alerts

How is GoAnywhere MFT different from other file transfer solutions?

GoAnywhere MFT offers comprehensive features and tools that allow organizations to automate, secure, and monitor their file transfers across multiple protocols and platforms. It also provides robust data transformation capabilities, making it a versatile solution for various industries and use cases.

How secure is GoAnywhere MFT?

GoAnywhere MFT uses industry-standard encryption algorithms and security protocols to ensure the privacy and security of file transfers. It also provides user authentication, access controls, and audit reporting to ensure compliance with data security regulations.

How do I install GoAnywhere MFT?

GoAnywhere MFT can be installed on-premises or in the cloud, depending on the organization’s needs and preferences. The installation process is straightforward and can be completed with the help of the GoAnywhere MFT documentation and support team.

What platforms does GoAnywhere MFT support?

GoAnywhere MFT supports multiple platforms, including Windows, Linux, Unix, and IBM iSeries.

How do I use GoAnywhere MFT to transfer files?

GoAnywhere MFT provides a web-based interface that makes it easy to transfer files using SFTP, FTPS, HTTPS, or other protocols. You can also automate file transfers using workflows and scripts or send secure emails or mobile transfers.

What kind of reporting and monitoring does GoAnywhere MFT provide?

GoAnywhere MFT provides detailed reporting and monitoring capabilities that allow you to track file transfer activities, performance, and errors. You can also generate custom reports, set alerts, and view dashboard summaries.

