Progress Patches New Privilege Escalation Flaw in MOVEit File Transfer

Home/BOTNET, Compromised, Exploitation, Internet Security, Security Advisory, Security Update, Tips, vulnerability/Progress Patches New Privilege Escalation Flaw in MOVEit File Transfer

Progress Patches New Privilege Escalation Flaw in MOVEit File Transfer

Progress, the company behind MOVEit Transfer, has issued a critical security alert for a newly discovered vulnerability in its product. The flaw, CVE-2024-6576, is classified as high-severity with a CVSS score of 7.3, indicating significant user risk.

CVE-2024-6576- Privilege Escalation Flaw in MOVEit File Transfer

The vulnerability in MOVEit Transfer’s SFTP module arises from improper authentication, potentially allowing attackers to escalate privileges. It affects versions:

  • 2023.0.0 before 2023.0.12
  • 2023.1.0 before 2023.1.7
  • 2024.0.0 before 2024.0.3

Progress strongly advises all affected customers to upgrade to the latest patched versions to mitigate this security risk.

The table below provides the fixed versions available for download:

Fixed VersionDocumentationRelease Notes
MOVEit Transfer 2024.0.3 (16.0.3)Install and upgrade guideRelease Notes 2024.0
MOVEit Transfer 2023.1.7 (15.1.7)Install and upgrade guideRelease Notes 2023.1
MOVEit Transfer 2023.0.12 (15.0.12)Install and upgrade guideRelease Notes 2023.0

Steps to Upgrade

To upgrade:

  1. Log in to the Progress Community Download Center using your Progress ID.
  2. Select the appropriate asset from the “My Active” tab.
  3. Click the download link in the “Related Products & Downloads” section.
  4. Download the fixed version listed above.

For questions or concerns, open a new Technical Support case via the Progress Community. Customers without a current maintenance agreement should contact the Progress Renewals team or their Progress partner account representative.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!