CVE-2024-25157

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

A

n authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.

References

Link	Resource
https://www.fortra.com/security/advisories/product-security/fi-2024-009	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*

History

19 Aug 2024, 18:57

Type	Values Removed	Values Added
References	~~() https://www.fortra.com/security/advisories/product-security/fi-2024-009 -~~	() https://www.fortra.com/security/advisories/product-security/fi-2024-009 - Vendor Advisory
First Time		Fortra Fortra goanywhere Managed File Transfer
CWE		CWE-287
CPE		cpe:2.3:a:fortra:goanywhere_managed_file_transfer::::::::

14 Aug 2024, 17:49

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-14 15:15

Updated : 2024-08-19 18:57

NVD link : CVE-2024-25157

Mitre link : CVE-2024-25157

CVE.ORG link : CVE-2024-25157

JSON object : View

Products Affected

goanywhere_managed_file_transfer

CWE

CWE-287

Improper Authentication

CWE-303

Incorrect Implementation of Authentication Algorithm

{"id": "CVE-2024-25157", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2024-08-14T15:15:18.023", "references": [{"url": "https://www.fortra.com/security/advisories/product-security/fi-2024-009", "tags": ["Vendor Advisory"], "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "description": [{"lang": "en", "value": "CWE-303"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en GoAnywhere MFT anterior a 7.6.0 permite a los usuarios administradores con acceso a la consola del agente omitir algunas comprobaciones de permisos cuando intentan visitar otras p\u00e1ginas. Esto podr\u00eda dar lugar a la divulgaci\u00f3n o modificaci\u00f3n no autorizada de informaci\u00f3n."}], "lastModified": "2024-08-19T18:57:58.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "473E0873-F26C-4E9A-B58A-CF853E6F07DF", "versionEndExcluding": "7.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff"}