Critical Vulnerability in MOVEit Transfer Allowed Hackers to Access Files


A critical vulnerability, CVE-2024-5806, in MOVEit Transfer software poses severe risks to organizations that rely on it for secure data transfers. The flaw affects versions 2023.0.0 to 2023.0.10, 2023.1.0 to 2023.1.5, and 2024.0.0 to 2024.0.1. Because user input is improperly validated during authentication, attackers can send specially crafted requests to bypass authentication and gain administrative access.


Progress strongly urges all MOVEit Transfer customers using the affected versions to upgrade immediately to the latest patched versions:

  • MOVEit Transfer 2023.0.11
  • MOVEit Transfer 2023.1.6
  • MOVEit Transfer 2024.0.2
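To triage an inventory against the affected ranges and fixed releases listed above, the following added example (not code from Progress or from the original article) classifies each version and names the upgrade target. It assumes versions are recorded in the "YYYY.minor.patch" form the article uses; the hostnames and inventory are constructed.

```python
import re

# Last affected patch level and fixed patch level per release branch,
# taken from the version ranges and patched releases listed in the article.
BRANCHES = {
    (2023, 0): (10, 11),
    (2023, 1): (5, 6),
    (2024, 0): (1, 2),
}

# Assumption: versions are written as YYYY.minor.patch, as in the article.
VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d+)\.(\d+)\s*$")


def classify(version):
    """Return (status, upgrade_target) for one version string."""
    m = VERSION_RE.match(version or "")
    if not m:
        return ("unparseable", None)  # wrong format: needs manual review
    year, minor, patch = (int(g) for g in m.groups())
    branch = BRANCHES.get((year, minor))
    if branch is None:
        # The article makes no statement about other branches.
        return ("not-listed", None)
    last_affected, fixed = branch
    if patch <= last_affected:
        return ("affected", f"{year}.{minor}.{fixed}")
    return ("patched", None)


def triage(inventory):
    """Classify every host; also return the sorted hosts that need the upgrade."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    needs_upgrade = sorted(h for h, (s, _) in results.items() if s == "affected")
    return results, needs_upgrade


# Constructed sample inventory; hostnames are hypothetical.
INVENTORY = {
    "mft-prod-01": "2023.0.10",
    "mft-prod-02": "2023.1.6",
    "mft-dr-01": "2024.0.1",
    "mft-lab-01": "2022.1.4",
    "mft-old-01": "15.0.3",
}

if __name__ == "__main__":
    results, needs = triage(INVENTORY)
    for host in sorted(results):
        print(host, INVENTORY[host], *results[host])
    print("upgrade with full installer:", ", ".join(needs))
```

Hosts reported as "not-listed" or "unparseable" are not cleared by this check; the article gives no information about them, so they need a manual look.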

Researchers at Rapid7 have confirmed the exploit and demonstrated an authentication bypass on vulnerable, unpatched versions of MOVEit Transfer and MOVEit Gateway.

The Improper Authentication vulnerability in MOVEit Transfer’s SFTP module allows attackers to bypass authentication mechanisms, potentially leading to data breaches and theft of sensitive information. Researchers at watchTowr initially disclosed and analyzed the vulnerability.

Customers should upgrade to the patched versions of MOVEit Transfer using the full installer to mitigate the risk. The upgrade process will cause a system outage.

MOVEit Cloud customers are not affected, as the patch has been deployed to the cloud infrastructure. MOVEit Cloud is also protected against third-party vulnerabilities through strict access controls on the underlying infrastructure.

Mitigation

To mitigate the third-party vulnerability, Progress recommends the following steps:

  1. Block public inbound RDP access to MOVEit Transfer servers.
  2. Limit outbound access from MOVEit Transfer servers to known trusted endpoints.
  3. Progress will provide the third-party vendor’s fix to MOVEit Transfer customers once it is released.

Progress has acknowledged the severity of CVE-2024-5806 and is actively collaborating with customers to promptly address the vulnerability. The company has provided detailed guidance on applying the patch and securing affected systems.

Customers are encouraged to subscribe to the Progress Alert and Notification Service (PANS) via the Progress Community Portal to receive email notifications for future product and security updates. For more information and frequently asked questions, customers can visit Progress’s FAQ page on Alert Notifications.


By FirstHackersNews | June 26th, 2024 | 2024-07-01T21:49:22+05:30
