Freshly Revealed MOVEit Vulnerability Exploited Within Hours

June 25, 2024

A significant security flaw, CVE-2024-5806, in Progress Software's MOVEit Transfer software is being actively exploited by cyberattackers. This comes just hours after its public disclosure. MOVEit Transfer, a large-scale enterprise application for file sharing and collaboration, was notably targeted last year in a series of Cl0p ransomware attacks. These attacks affected at least 160 victims, including British Airways, the state of Maine, Siemens, UCLA, and others, significantly impacting the findings of this year's 'Data Breach Investigations Report' from Verizon.

This newly revealed vulnerability (CVE-2024-5806) is an improper authentication issue in MOVEit's SFTP module. According to Progress' security advisory, this flaw 'can lead to authentication bypass in limited scenarios.' It affects multiple versions of MOVEit Transfer. Administrators are urged to patch the issue immediately, as the ability to access internal files at Fortune 1000 companies is a tempting prospect for any espionage-minded advanced persistent threat (APT).

The nonprofit Shadowserver Foundation noted that exploit attempts were observed 'very shortly after vulnerability details were published.' The foundation also reported that at least 1,800 exposed instances of the software are online, although not all are vulnerable.

Although Progress did not provide any details on the bug, researchers at watchTowr described the vulnerability as 'truly bizarre' and outlined two potential attack scenarios. In one, an attacker could use a malicious SMB server and a valid username to perform 'forced authentication.' In a more dangerous scenario, a threat actor could impersonate any user on the system. As stated in watchTowr's post, an attacker could 'upload our SSH public key to the server without even logging in, and then use that key material to allow us to authenticate as anyone we want...From here, we can do anything the user can do — including reading, modifying, and deleting previously protected and likely sensitive data.'
