Progress Software Releases Security Update for MOVEit Transfer

An improper authentication vulnerability can lead to privilege escalation

Threat ID:: CC-4533
Threat Severity:: Medium
Published:: 1 August 2024 2:05 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

An improper authentication vulnerability can lead to privilege escalation

Affected platforms

The following platforms are known to be affected:

Progress (formerly Ipswitch) MOVEit Transfer

2023.0.0 to 2023.0.12
2023.1.0 to 2023.1.7
2024.0.0 to 2024.0.3

Threat details

Progress have stated the following regarding MOVEit Cloud

“Note that MOVEit Cloud has already been upgraded to the patched version, so no further action is needed by MOVEit Cloud customers.”

Introduction

Progress (formerly Ipswitch) has released a security update for a vulnerability in the SFTP module of the MOVEit Transfer application. MOVEit is a managed secure file transfer tool.

CVE-2024-6576 has a CVSSv3 score of 7.3 and can lead to privilege escalation in MOVEit Transfer.

Remediation advice

Affected organisations are encouraged to review the Progress Community MOVEit Transfer Critical Security Alert Bulletin July 2024 - CVE-2024-6576 (applies to MOVEit Transfer) and apply updates as soon as practicable.

Definitive source of threat updates

https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-July-2024-CVE-2024-6576

CVE Vulnerabilities

Status Published

CVE-2024-6576

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3.

Last edited: 1 August 2024 2:05 pm