Authentication Bypass Vulnerability Affects MOVEit Transfer
CVE-2024-5806
Key Information:
- Vendor: Progress
- Status: Vendor
- CVE Published: 25 June 2024
Summary
An improper authentication vulnerability exists in the SFTP module of Progress MOVEit Transfer, potentially allowing an attacker to bypass authentication mechanisms. The flaw affects multiple versions of the product and poses significant security risks to users by enabling unauthorized access to sensitive data. Organizations running MOVEit Transfer in the affected versions are strongly advised to apply security updates and review their authentication protocols.
Affected Version(s)
MOVEit Transfer 2023.0.0 < 2023.0.11
MOVEit Transfer 2023.1.0 < 2023.1.6
MOVEit Transfer 2024.0.0 < 2024.0.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
New MOVEit critical bug sees swift exploitation attempts
The PoC exploit for the authentication bypass vulnerability is available; patch immediately.
Five things security teams need to know about the latest MOVEit Transfer bug
Here are five steps security teams can take to mitigate the threat from the latest MOVEit Transfer bug, CVE-2024-5806.
EPSS Score
90% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰 Used in Ransomware
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by Help Net Security
- Vulnerability published
- Vulnerability Reserved