
Progress Software Releases Critical Security Updates for MOVEit Transfer and MOVEit Gateway



Summary

Two improper authentication vulnerabilities can lead to authentication bypass


Threat details

Progress has stated the following regarding MOVEit Cloud:

"For customers on MOVEit Cloud, no further action is needed as the MOVEit Transfer patch has already been deployed to MOVEit Cloud. In addition, our MOVEit Cloud infrastructure is safeguarded against the recently disclosed third-party vulnerability through strict access controls on the underlying infrastructure. 

MOVEit Cloud does not use MOVEit Gateway, so no further action is needed by MOVEit Cloud customers."


Introduction

Progress (formerly Ipswitch) has released security updates for two critical vulnerabilities found in the SFTP module of the MOVEit Transfer (CVE-2024-5806) and MOVEit Gateway (CVE-2024-5805) applications. MOVEit is a managed secure file transfer tool. CVE-2024-5806 is an improper authentication vulnerability with a CVSSv3 score of 9.1 that can lead to authentication bypass in MOVEit Transfer. CVE-2024-5805 is also an improper authentication vulnerability with a CVSSv3 score of 9.1, which can lead to authentication bypass in MOVEit Gateway.

Exploitation of CVE-2024-5806 in the wild

Publicly available proof-of-concept code is available for CVE-2024-5806 and exploitation attempts have been reported in the wild.

In May 2023 Progress issued fixes for a critical vulnerability in their Managed File Transfer (MFT) software, MOVEit Transfer. Internet-facing MOVEit Transfer servers were targeted by multiple threat groups - including the cybercriminal group associated with CL0P ransomware - in a mass-exploitation campaign affecting hundreds of victim organisations, resulting in major disruption and data loss.

Internet-facing file transfer applications have become a popular target for ransomware and data-extortion groups, and rapidly patching vulnerable software should be considered of critical importance.

NHS England National CSOC has assessed a high likelihood that exploitation of this vulnerability will increase.


Threat updates

Date        | Update
27 Jun 2024 | Added details of CVE-2024-5805

CVE-2024-5805 is an authentication bypass vulnerability in Progress MOVEit Gateway. Details of this vulnerability and remediation steps have been added to this cyber alert.


Remediation advice

Affected organisations are strongly encouraged to review the Progress Community MOVEit Transfer Critical Security Alert Bulletin June 2024 - CVE-2024-5806 (applies to MOVEit Transfer) and Progress Community MOVEit Gateway Critical Security Alert Bulletin June 2024 - CVE-2024-5805 (applies to MOVEit Gateway) and apply updates as soon as practicable.

Note: Progress also lists in its advisory additional steps organisations can take to mitigate a vulnerability in a third-party component of MOVEit Transfer.

"A newly identified vulnerability in a third-party component used in MOVEit Transfer elevates the risk of the original issue mentioned above if left unpatched. While the patch distributed by Progress on June 11th successfully remediates the issue identified in CVE-2024-5806, this newly disclosed third-party vulnerability introduces new risk. Please work with your internal teams to take the following steps to mitigate the third-party vulnerability."

Affected organisations are also encouraged to apply additional mitigation steps addressing the third-party vulnerability as detailed in the Progress bulletin June 2024 - CVE-2024-5806.



Last edited: 27 June 2024 1:19 pm