Progress MOVEit Transfer: Attacks on vulnerability CVE-2024-5806

Posted on 2024-06-26 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]The vulnerability CVE-2024-5806 was recently discovered in the Progress MOVEit Transfer software. Attacks on the CVE-2024-5806 vulnerability were observed shortly after this information was published. This brings back bad memories of a MOVEit Transfer vulnerability through which hundreds of companies were hacked by a gang of cyber criminals.

Advertising

The vulnerability CVE-2024-5806

Vulnerability CVE-2024-5806 relates to an authentication flaw in Progress MOVEit Transfer (SFTP module) and was disclosed by watchtowr.com. The authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to an authentication bypass in limited scenarios. The following MOVEit Transfer versions are affected:

  • 2023.0.0 vor 2023.0.11,
  • 2023.1.0 vor 2023.1.6,
  • 2024.0.0 vor 2024.0.2

This issue in MOVEit Transfer became public on June 25, 2024 in this MOVEit community post and is considered critical with a CVSS score of 9.1. If you have not already done so, Progress Software strongly recommends that all MOVEit Transfer customers with versions 2023.0, 2023.1 and 2024.0 update to the latest patched version immediately and also apply the measures listed in the community post to fix the third-party vulnerability.

Attacks are taking place

I came across the following tweet from Shadow Server Foundation on X night. Shortly after the vulnerability was published, security researchers began monitoring Progress MOVEit Transfer CVE-2024-5806 POST /guestaccess.aspx exploit attempts.

Progress MOVEit Transfer CVE-2024-5806

The security researchers advise: If you use MOVEit and have not yet patched it, please do so. It is probably only a matter of time before the software used for file transfer is exploited via the above vulnerability to steal data.

Advertising

Reminders for CVE-2023-34362

Many readers may remember CVE-2023-34362, the catastrophic vulnerability in Progress MOVEit Transfer that led to the compromise of many companies (victims included the BBC and the FBI ). Sensitive data was lost and sensitive data was destroyed when the cl0p ransomware gang exploited 0days to steal data – ultimately leaving a trail of devastation in its wake.

Similar articles:
Warning: MOVEit vulnerability is abused in attacks, data extradicted
Lace Tempest/Clop ransomware gang exploits MOVEit vulnerability CVE-2023-34362
MOVEit Transfer: New vulnerability; patch urgently!
MOVEit Transfer: New security advisory and update (July 6, 2023)
Data leak at German Postbank and Deutsche Bank (blame MOVEit?)
MoveIT vendor Progress Software reports serious vulnerabilities in WS_FTP Server
Piriform CCleaner victim of MOVEit transfer vulnerability

Advertising
This entry was posted in Security, Software and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).