MOVEit Transfer Vulnerability Being Exploited Now Patched

by Wajahat Raja

July 11, 2024 - TuxCare expert team

A MOVEit Transfer vulnerability is being actively exploited. According to recent media reports, exploitation attempts began to surface once details of the bug were publicly disclosed. When exploited by threat actors, the MOVEit file transfer vulnerability can lead to authentication bypass.

In this article, we’ll look at what the vulnerability is and the safety measures that can be deployed to protect against it.

CVE-2024-5806: MOVEit Transfer Vulnerability

The MOVEit Transfer vulnerability, tracked as CVE-2024-5806, has been given a critical severity score (CVSS) of 9.1. Such a high severity score is due to an authentication bypass impacting the following versions:

  • From 2023.0.0 before 2023.0.11
  • From 2023.1.0 before 2023.1.6, and
  • From 2024.0.0 before 2024.0.2
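
The version ranges above can be turned into an inventory check. The following is an added example, not code from Progress or from the original article; the host names and the sample inventory are constructed, and it assumes versions are reported as three dot-separated numbers.

```python
import re

# (first affected, first fixed) per release train, taken from the list above.
AFFECTED_RANGES = [
    ((2023, 0, 0), (2023, 0, 11)),
    ((2023, 1, 0), (2023, 1, 6)),
    ((2024, 0, 0), (2024, 0, 2)),
]

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not in N.N.N form."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Return (status, fixed_version_or_None) for one reported version."""
    v = parse_version(version_text)
    if v is None:
        return ("unparseable", None)
    for first, fixed in AFFECTED_RANGES:
        if first[:2] == v[:2]:  # same release train
            # Integer tuples compare numerically, so 2023.0.9 < 2023.0.11
            # (a plain string comparison would get this wrong).
            if first <= v < fixed:
                return ("affected", ".".join(map(str, fixed)))
            return ("patched", None)
    # Release trains the article does not list: make no claim either way.
    return ("not-listed", None)

# Constructed sample inventory: hypothetical host name -> reported version.
SAMPLE_INVENTORY = {
    "sftp-edge-01": "2023.0.9",
    "sftp-edge-02": "2023.0.11",
    "sftp-dmz-01": "2023.1.5",
    "sftp-dmz-02": "2024.0.2",
    "sftp-lab-01": "2022.1.4",
    "sftp-lab-02": "unknown",
}

def triage(inventory):
    """Return {host: fixed_version} for hosts in an affected range."""
    return {host: fix for host, ver in inventory.items()
            for status, fix in [classify(ver)] if status == "affected"}

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(host, ver, *classify(ver))
```

Hosts reported as `not-listed` or `unparseable` still need a manual check against the vendor advisory, since the list above only covers three release trains.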

A recent advisory issued by the organization states that the vulnerability lies within its SFTP module. Prior to this, the organization had also addressed another vulnerability, CVE-2024-5805 (CVSS score: 9.1), that also led to an authentication bypass.

MOVEit Transfer Vulnerability’s Attack Severity

In light of the recent exploits, watchTowr Labs has published specific details about CVE-2024-5806. Expert researchers Aliz Hammond and Sina Kheirkhah have stated that this vulnerability can be exploited to impersonate users on the surface.

Details shared by the organization further clarify that the flaw is in fact two separate vulnerabilities. One of them is related to Progress MOVEit and the other to the IPWorks SSH library. In addition, the researchers have stated that:

“While the more devastating vulnerability, the ability to impersonate arbitrary users, is unique to MOVEit, the less impactful (but still very real) forced authentication vulnerability is likely to affect all applications that use the IPWorks SSH server”

To shed further light on the incident, a spokesperson from Progress Software has said that:

“Currently, we have not received any reports that these vulnerabilities have been exploited and we are not aware of any direct operational impact to customers. To be clear, these vulnerabilities are not related to the zero-day MOVEit Transfer vulnerability we reported in May 2023.”

Progress Software’s Mitigation Efforts

An initial advisory pertaining to the MOVEit Transfer vulnerability was issued by Progress Software. Apart from the advisory, the company has also released a patch for the vulnerability and is working with customers to resolve any issues they may be experiencing.

They also issued an updated advisory pertaining to the patch and the vulnerability. An excerpt from the updated advisory reads “newly identified vulnerability in a third-party component used in MOVEit Transfer elevates the risk of the original issue mentioned above if left unpatched.” 

Media reports have cited watchTowr as claiming that a technical examination of the issue was conducted. As per the examination, Progress has made significant efforts to ensure that customers deploy the patches. In addition, these cybersecurity experts do not believe that users are still vulnerable to the attack.

Conclusion

The MOVEit Transfer vulnerability CVE-2024-5806 has been addressed with a critical patch. Progress Software’s proactive measures and ongoing support highlight the importance of swift action in cybersecurity, ensuring users remain protected from potential threats. Implementing proactive cybersecurity measures is essential for safeguarding against such attacks and for improving the overall security posture.

The sources for this piece include The Hacker News and The Record.
