A critical security vulnerability in Progress Software’s MOVEit Transfer has been discovered and is known to be under active exploitation. The flaw, identified as CVE-2024-5806, has a CVSS score of 9.1 and involves an authentication bypass affecting several versions of MOVEit Transfer.
Affected Versions
- Versions from 2023.0.0 before 2023.0.11
- Versions from 2023.1.0 before 2023.1.6
- Versions from 2024.0.0 before 2024.0.2
According to the advisory released by Progress Software, this vulnerability can lead to an authentication bypass in the SFTP module of MOVEit Transfer.
Additional Vulnerabilities
Another critical vulnerability, CVE-2024-5805 (CVSS score: 9.1), also impacts MOVEit Gateway version 2024.0.0, allowing attackers to bypass SFTP authentication and gain unauthorized access.
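The two affected-version lists above (MOVEit Transfer ranges for CVE-2024-5806 and the single MOVEit Gateway build for CVE-2024-5805) are easy to misread at the boundaries, so here is an added example, not code from SecPod or Progress Software, that turns them into an inventory check. It assumes you already have a list of hosts with their product name and version string (hostnames and versions below are constructed); the boundaries are taken directly from the advisory text: each Transfer range is inclusive of its first version and excludes the first fixed build, and Gateway is matched on the exact 2024.0.0 version since the page names no fixed Gateway build.

```python
"""Flag MOVEit Transfer / Gateway installs whose version falls inside the
affected ranges listed in the advisory (added example, not vendor code)."""
import re
from typing import List, NamedTuple, Optional, Tuple

Version = Tuple[int, int, int]

# (CVE, product, first affected version, first fixed version or None).
# None means the advisory names only that exact build as affected, so we
# match it exactly instead of assuming where the fixed range starts.
AFFECTED = [
    ("CVE-2024-5806", "MOVEit Transfer", (2023, 0, 0), (2023, 0, 11)),
    ("CVE-2024-5806", "MOVEit Transfer", (2023, 1, 0), (2023, 1, 6)),
    ("CVE-2024-5806", "MOVEit Transfer", (2024, 0, 0), (2024, 0, 2)),
    ("CVE-2024-5805", "MOVEit Gateway", (2024, 0, 0), None),
]


class Finding(NamedTuple):
    host: str
    product: str
    version: str
    cve: str


def parse_version(text: str) -> Version:
    """Parse 'YYYY.minor.patch'. A trailing build component (assumption:
    some installs report four fields) is ignored; only the first three
    fields decide whether a build is inside an affected range."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def matching_cves(product: str, version_text: str) -> List[str]:
    """Return the CVE ids from AFFECTED that apply to this product/version."""
    v = parse_version(version_text)
    hits: List[str] = []
    for cve, prod, lo, hi in AFFECTED:
        if prod != product:
            continue
        affected = (v == lo) if hi is None else (lo <= v < hi)
        if affected and cve not in hits:
            hits.append(cve)
    return hits


def check_inventory(inventory) -> List[Finding]:
    """inventory: iterable of (host, product, version) triples."""
    findings: List[Finding] = []
    for host, product, version in inventory:
        for cve in matching_cves(product, version):
            findings.append(Finding(host, product, version, cve))
    return findings


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("mft-01.example.internal", "MOVEit Transfer", "2023.0.10"),   # affected
    ("mft-02.example.internal", "MOVEit Transfer", "2023.0.11"),   # first fixed build
    ("mft-03.example.internal", "MOVEit Transfer", "2024.0.1.42"), # affected, build suffix
    ("mft-04.example.internal", "MOVEit Transfer", "2023.1.6"),    # first fixed build
    ("gw-01.example.internal", "MOVEit Gateway", "2024.0.0"),      # affected
]

if __name__ == "__main__":
    for f in check_inventory(SAMPLE_INVENTORY):
        print(f"{f.host}: {f.product} {f.version} is affected by {f.cve}")
```

The point of keeping the upper bound exclusive is that 2023.0.11, 2023.1.6 and 2024.0.2 are the patched builds and must not be flagged, while anything older than 2023.0.0 is simply not covered by the advisory's lists and is reported as no match rather than as safe.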
Technical Details
watchTowr Labs has provided further details on CVE-2024-5806. Researchers Aliz Hammond and Sina Kheirkhah highlighted that this vulnerability can be used to impersonate any user on the server. This issue is exacerbated by a vulnerability in the IPWorks SSH library used by MOVEit.
While the more severe impersonation vulnerability is unique to MOVEit, the forced authentication vulnerability affects all applications using the IPWorks SSH server.
Mitigation Steps
Progress Software recommends the following measures to mitigate the risks:
- Block public inbound RDP access to MOVEit Transfer servers.
- Limit outbound access from MOVEit Transfer servers to known, trusted endpoints only.
Prerequisites for Exploitation
Exploiting CVE-2024-5806 requires the following:
- Knowledge of an existing username
- The target account must be permitted to authenticate remotely
- Public accessibility of the SFTP service over the internet
Historical Context
This situation resembles last year’s Cl0p ransomware attacks, which exploited another MOVEit Transfer vulnerability (CVE-2023-34362, CVSS score: 9.8). It is crucial to immediately update to the latest software versions.
Official Statement
Progress Software has stated, “We have not received any reports that these vulnerabilities have been exploited and we are not aware of any direct operational impact to customers.”
Conclusion
Immediate action is required to patch these vulnerabilities to prevent potential exploitation.
SecPod SanerNow is a patch management solution you can use to remediate security risks like these MOVEit vulnerabilities. SanerNow detects security risks, downloads the corresponding patch and deploys it across your network, all on its own.
Further, it can enforce compliance policies, mitigate security risks beyond CVEs and generate audit-ready reports to unify and streamline your cyber defense.