A new serious vulnerability security that affects Progress Software MOVEit Transfer is already subject to attempted exploitation shortly after the details of the bug were publicly disclosed.
Problems discovered in the MOVEit Transfer platform
The vulnerability, identified as CVE-2024-5806 (CVSS score: 9.1), involves an authentication bypass that affects the following versions:
- From version 2023.0.0 to 2023.0.11
- From version 2023.1.0 to 2023.1.6
- From version 2024.0.0 to 2024.0.2
The company has declared in an advisory published on Tuesday that improper authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to authentication bypass.
Progress also has Resolved another critical vulnerability associated with SFTP authentication (CVE-2024-5805, CVSS score: 9.1) affecting MOVEit Gateway version 2024.0.0.
Successful exploitation of these vulnerabilities could allow attackers to bypass SFTP authentication and gain access to systems MOVEit Transfer and Gateways.
Cyber security researchers’ analyzes regarding the MOVEit Transfer platform
watchTowr Labs has published further technical details about CVE-2024-5806, with security researchers Aliz Hammond and Sina Kheirkhah noting the ability to impersonate any user on the server.
The cybersecurity company also has described the vulnerability as composed of two separate vulnerabilities, one in Progress MOVEit and another in the library IPWorks SSH.
![](https://tech.icrewplay.com/wp-content/uploads/2024/06/e5434898ee569b20b3e1aac6c3c36ca2-1024x576.webp)
Progress Software said the flaw in the third-party component “increases the risk of the original issue” if left unpatched, urging customers to take the following two steps:
- Block incoming public RDP access to MOVEit Transfer servers.
- Restrict outbound access to only endpoints known and trusted by MOVEit Transfer servers.
According to Rapid7, there are three prerequisites to exploit CVE-2024-5806: Attackers must know a existing usernamethe target account must be remotely authenticableand the SFTP service must be publicly accessible on the Internet; In short it must be a domain made clear, so that it is accessible and the user’s name (or username) is known.
The collection of data and various reports on the MOVEit Transfer platform
As of June 25, i Collected data from Censys show that there are approximately 2,700 instances of MOVEit Transfer online, most of which are located in the US, UK, Germany, Netherlands, Canada, Switzerland, Australia, France, Ireland and in Denmark.
With another critical issue in MOVEit Transfer widely exploited in a series of Cl0p ransomware attacks last year (CVE-2023-34362CVSS score: 9.8), it is essential that users update quickly to the latest versions.
Development on the security flaw of the well-known transfer platform
The development comes as the US Cybersecurity and Infrastructure Security Agency (CISA) revealed that its Chemical Security Assessment Tool (CSAT) was targeted in early January by an unidentified cybercriminal (or a group of cyber criminals) exploiting security vulnerabilities in the Ivanti Connect Secure (ICS) appliance (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893).
![](https://tech.icrewplay.com/wp-content/uploads/2024/06/moveit2-1024x655.png)
“The intrusion may have resulted in potential unauthorized access to Top-Screen Surveys, Security Vulnerability Assessments, Site Security Plans, Personnel Security Program (PSP) Presentations, and CSAT User Accounts“, the agency stated, adding that no indications of sensitive data exfiltration were found.
Conclusion
In conclusion, it can be said that the flaw in MOVEit Transfer, even if (according to CISA), did not lead to leaks of sensitive user data, However, it should be reiterated that one should not trust them anyway, because even agencies, no matter how “strong” they are, are not perfect and you may need to take an extra step to protect your data.
In a world where even large companies can be flawed from an IT point of view it’s up to the user to take the first step to defend themselves.
#MOVEit #security #hole #platform