Cybersecurity Threat Advisory: MOVEit Transfer vulnerability exploit
Progress Software has released a patch for a high-severity vulnerability in MOVEit Transfer, identified as CVE-2024-5806. This vulnerability is currently under active attack and allows attackers to bypass authentication mechanisms. Organizations using MOVEit Transfer should review this Cybersecurity Threat Advisory and apply the patch immediately to prevent potential damage.
What is the threat?
CVE-2024-5806 is an authentication bypass vulnerability affecting the SSH File Transfer Protocol (SFTP) module in Progress MOVEit Transfer. This vulnerability allows an attacker to gain unauthorized access to the MOVEit Transfer application by exploiting a flaw in the authentication mechanism. The flaw can be exploited remotely, enabling attackers to bypass security controls and gain access to sensitive data and functionality within the application. According to the advisory from Progress, customers using MOVEit Cloud environments have already been patched and are not vulnerable.
There are also some barriers to exploitation, such as the attacker needing to know a valid username on the system and needing to get past any IP-based restrictions that an organization may have in place.
Why is it noteworthy?
This vulnerability is noteworthy due to its high severity and the active exploitation in the wild. Authentication bypass vulnerabilities are especially concerning because they undermine the fundamental security principle of access control. This allows attackers to circumvent security measures that are typically relied upon to protect sensitive information. The fact that this vulnerability is being actively exploited increases the urgency for organizations to respond quickly to mitigate potential damage.
What is the exposure or risk?
The risk posed by CVE-2024-5806 is significant for organizations using MOVEit Transfer. If exploited, attackers could gain unauthorized access to sensitive data, disrupt business operations, and compromise the integrity and confidentiality of critical information. The vulnerability’s remote exploitability means that attackers do not need physical access to the system, increasing the pool of potential attackers. Attackers could access, modify, or delete files, as well as potentially leverage the compromised application to move laterally within the network.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the potential impact:
- Update all instances of MOVEit Transfer with the latest patch provided by Progress Software to address CVE-2024-5806. The following table reflects the affected and patched versions:
| Affected Versions | Patched Version |
| --- | --- |
| 2023.0.0 before 2023.0.11 | 2023.0.11 |
| 2023.1.0 before 2023.1.6 | 2023.1.6 |
| 2024.0.0 before 2024.0.2 | 2024.0.2 |
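To apply the table across more than a handful of servers, the following added example (not code from Barracuda or Progress) classifies each host in an inventory against the affected ranges above. The "host,version" inventory format, the hostnames, and the assumption that versions are reported as three-part strings like those in the table are all constructed for illustration.

```python
import re

# (branch, first patched release) pairs from the advisory's version table.
PATCHED = {
    (2023, 0): (2023, 0, 11),
    (2023, 1): (2023, 1, 6),
    (2024, 0): (2024, 0, 2),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")

# Constructed sample inventory ("host,version"); hostnames are placeholders.
SAMPLE_INVENTORY = """\
mft-01.example.internal,2023.0.9
mft-02.example.internal,2023.0.11
mft-03.example.internal,2023.1.5
mft-04.example.internal,2024.0.2
mft-05.example.internal,2022.1.4
mft-06.example.internal,unknown
"""

def classify(version_text):
    """Return 'affected', 'patched', 'not-listed' or 'unparsed'."""
    m = VERSION_RE.match(version_text.strip())
    if not m:
        return "unparsed"
    version = tuple(int(part) for part in m.groups())
    fixed = PATCHED.get(version[:2])
    if fixed is None:
        # Branch is absent from the table; the advisory makes no statement
        # about it, so flag it for manual review rather than calling it safe.
        return "not-listed"
    # Integer tuples, not strings: "2023.0.9" sorts after "2023.0.11" as text.
    return "affected" if version < fixed else "patched"

def triage(inventory_text):
    """Map each host in 'host,version' lines to its classification."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "not-listed" or "unparsed" need a manual check against the vendor's advisory, since the table above says nothing about them.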
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.