Reports that Fortra’s GoAnywhere MFT file transfer software was exploited were cause for concern because threat actors could develop exploit code from a publicly released PoC, but as of Thursday afternoon the activity did not constitute “active exploitation.”
In a Jan. 25 post on X, researchers at Shadowserver said that, based on the publicly released PoC code, they had observed exploits on more than 120 IP addresses so far. However, the researchers said it’s unlikely the attackers will succeed on a widespread scale because not many admin portals were exposed (only 50) and most are patched.
“This vulnerability is especially dangerous because it can allow an unauthorized user to completely bypass authentication measures and create a new admin account with elevated privileges remotely,” explained Ashley Leonard, chief executive officer at Syxsense. “All of these aspects combine to make the CVE critical.”
…Leonard said that, to date, the flaw has not been actively exploited, which may be one of the reasons the Cybersecurity and Infrastructure Security Agency (CISA) has not added it to its Known Exploited Vulnerabilities (KEV) catalog.
Read the full story on SC Magazine