Advisory

Progress Software reports new vulnerability MOVEit Transfer

Take action: If you are (still) using MOVEit Transfer software and still haven't gotten the memo from Progress, it is time to patch immediately. Nobody wants a repeat of the disaster from 2023.


Progress Software has reported a new security vulnerability in its MOVEit Transfer software, tracked as CVE-2024-5806 (CVSS score 9.1 according to Progress). It is an improper authentication issue in the SFTP module that allows attackers to bypass authentication.

The nonprofit Shadowserver Foundation reported that an increased number of scans for possibly vulnerable MOVEit Transfer servers was detected within hours of the public disclosure on June 25, 2024. They identified around 1,800 instances of MOVEit Transfer online, though not all are vulnerable.

Researchers at watchTowr provided detailed analysis, describing the vulnerability as "truly bizarre" and highlighting two attack scenarios:

  1. Forced Authentication: Using a malicious SMB server and a valid username to force authentication.
  2. User Impersonation: Uploading an SSH public key to the server without logging in, allowing attackers to authenticate as any user and perform actions such as reading, modifying, and deleting sensitive data.

Affected Versions

  • MOVEit Transfer versions from 2023.0.0 up to but not including 2023.0.11.
  • MOVEit Transfer versions from 2023.1.0 up to but not including 2023.1.6.
  • MOVEit Transfer versions from 2024.0.0 up to but not including 2024.0.2.
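To turn the affected-version list above into something an administrator can run against an inventory, here is an added example (not code from Progress or from this advisory) that parses MOVEit Transfer version strings and reports which hosts fall inside one of the three half-open ranges listed. The hostnames and version strings in the sample inventory are constructed.

```python
# Added example: check MOVEit Transfer version strings against the affected
# ranges listed in this advisory for CVE-2024-5806. Each range is half-open:
# the first fixed build (2023.0.11, 2023.1.6, 2024.0.2) is itself not affected.
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) per release branch, taken from the advisory.
AFFECTED_RANGES = (
    ((2023, 0, 0), (2023, 0, 11)),
    ((2023, 1, 0), (2023, 1, 6)),
    ((2024, 0, 0), (2024, 0, 2)),
)


def parse_version(text: str) -> Version:
    """Parse 'YYYY.minor.patch' into a comparable tuple; tolerates a 'v' prefix."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MOVEit Transfer version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def affected_range(version: str) -> Optional[Tuple[str, str]]:
    """Return (first_affected, first_fixed) if the version is in a listed range, else None."""
    v = parse_version(version)
    for low, fixed in AFFECTED_RANGES:
        if low <= v < fixed:  # numeric tuple comparison, so 2023.0.9 < 2023.0.11
            return ".".join(map(str, low)), ".".join(map(str, fixed))
    return None


def triage(inventory: dict) -> dict:
    """Map hostname -> verdict for a fleet of MOVEit Transfer servers."""
    verdicts = {}
    for host, version in inventory.items():
        rng = affected_range(version)
        # Versions outside the listed ranges are only reported as such; the
        # advisory makes no statement about them.
        verdicts[host] = f"vulnerable, patch to {rng[1]}" if rng else "outside the listed ranges"
    return verdicts


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"mft-01": "2023.0.10", "mft-02": "2023.1.6", "mft-03": "v2024.0.1"}
    for host, verdict in triage(sample).items():
        print(host, verdict)
```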

Progress Software has released patches to address this vulnerability and has apparently been actively working with customers to patch MOVEit before the publication of the vulnerability.

Administrators who haven't yet patched are urged to apply these patches immediately.

This is not the first time MOVEit Transfer has been targeted. On May 27, 2023, the Cl0p ransomware group exploited a zero-day SQL injection vulnerability (CVE-2023-34362), impacting hundreds of organizations. This led to massive data breaches, with millions of affected individuals.
