MOVEit Transfer Vulnerability Being Exploited Now Patched
In light of recent cyber security events, a MOVEit Transfer vulnerability has been actively exploited. According to recent media reports, exploitation attempts began to surface once the details of the bug were publicly disclosed. When exploited by threat actors, the MOVEit Transfer vulnerability can lead to authentication bypass.
In this article, we’ll discover what the vulnerability is and safety measures that can be deployed to ensure protection against it.
CVE-2024-5806: MOVEit Transfer Vulnerability
The MOVEit Transfer vulnerability, tracked as CVE-2024-5806, has been given a critical Common Vulnerability Scoring System (CVSS) score of 9.1. The high severity score is due to an authentication bypass impacting the following versions:
- From 2023.0.0 before 2023.0.11
- From 2023.1.0 before 2023.1.6, and
- From 2024.0.0 before 2024.0.2
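The version ranges above can be checked against an inventory with a short script. This is an added example, not code from Progress or from the sources cited in this article; the host names and installed versions are constructed, and the function names are hypothetical.

```python
import re

# (first affected, first fixed) per release branch, as listed in the article.
AFFECTED_RANGES = [
    ((2023, 0, 0), (2023, 0, 11)),
    ((2023, 1, 0), (2023, 1, 6)),
    ((2024, 0, 0), (2024, 0, 2)),
]

def parse_version(text):
    """Parse 'YYYY.M.P' into a tuple of ints so 2023.0.9 sorts before 2023.0.11."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def classify(version_text):
    """Return ('affected', first_fixed) or ('outside_listed_ranges', None)."""
    version = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return "affected", ".".join(map(str, first_fixed))
    # Not in a listed range: the article makes no statement about these builds.
    return "outside_listed_ranges", None

def triage(inventory):
    """Map host -> (installed, upgrade target) for hosts in an affected range.
    Hosts with unparseable versions are returned separately for manual review."""
    needs_patch, review = {}, []
    for host, installed in sorted(inventory.items()):
        try:
            status, target = classify(installed)
        except ValueError:
            review.append(host)
            continue
        if status == "affected":
            needs_patch[host] = (installed.strip(), target)
    return needs_patch, review

# Constructed inventory: host names and installed versions are made up.
SAMPLE_INVENTORY = {
    "sftp-edge-01": "2023.0.9",
    "sftp-edge-02": "2023.0.11",
    "transfer-dr": "2024.0.1",
    "legacy-box": "unknown",
}

if __name__ == "__main__":
    patch, manual = triage(SAMPLE_INVENTORY)
    for host, (installed, target) in patch.items():
        print(f"{host}: {installed} is affected, upgrade to {target} or later")
    print("manual review:", ", ".join(manual))
```

Versions are compared as integer tuples because a plain string comparison would sort 2023.0.9 after 2023.0.11 and report an affected build as patched.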
A recent advisory issued by the organization states that the vulnerability lies within its SFTP module. Prior to this, the organization had also addressed another vulnerability, CVE-2024-5805 (CVSS score: 9.1), that also led to an authentication bypass.
MOVEit Transfer Vulnerability’s Attack Severity
In light of the recent exploits, watchTowr Labs has published specific details about CVE-2024-5806. Expert researchers Aliz Hammond and Sina Kheirkhah have stated that this vulnerability can be exploited to impersonate users on the surface.
Details shared by the organization further clarify that the flaw is in fact two separate vulnerabilities. One of them is in Progress MOVEit and the other is in the IPWorks SSH library. In addition, the researchers have stated that:
“While the more devastating vulnerability, the ability to impersonate arbitrary users, is unique to MOVEit, the less impactful (but still very real) forced authentication vulnerability is likely to affect all applications that use the IPWorks SSH server”
To shed further light on the incident, a spokesperson from Progress Software has said that:
“Currently, we have not received any reports that these vulnerabilities have been exploited and we are not aware of any direct operational impact to customers. To be clear, these vulnerabilities are not related to the zero-day MOVEit Transfer vulnerability we reported in May 2023.”
Progress Software’s Mitigation Efforts
An initial advisory pertaining to the MOVEit Transfer vulnerability was issued by Progress Software. Apart from the advisory, the company has also released a patch for the vulnerability and is working with customers to resolve any issues they may be experiencing.
The company also issued an updated advisory pertaining to the patch and the vulnerability. An excerpt from the updated advisory reads: “newly identified vulnerability in a third-party component used in MOVEit Transfer elevates the risk of the original issue mentioned above if left unpatched.”
Media reports have cited watchTowr as saying that it conducted a technical examination of the issue. According to that examination, Progress has made significant efforts to ensure that customers deploy the patches. In addition, these cybersecurity experts do not believe that users are still vulnerable to the attack.
Conclusion
The MOVEit Transfer vulnerability CVE-2024-5806 has been addressed with a critical patch. Progress Software’s proactive measures and ongoing support highlight the importance of swift action in cybersecurity, ensuring users remain protected from potential threats. Implementing proactive cybersecurity measures is essential for safeguarding against such attacks and for improving the overall security posture.
The sources for this piece include The Hacker News and The Record.
