Platform: moveit-transfer
Component: moveit-gateway
Fixed in: 2024.0.1
CVE-2024-5805 describes an Improper Authentication vulnerability within Progress MOVEit Gateway's SFTP modules. This flaw allows attackers to bypass authentication controls, leading to potential unauthorized access and data breaches. The vulnerability impacts MOVEit Gateway versions 2024.0.0 and 2024.0.1. A patch is available in version 2024.0.1.
The Authentication Bypass vulnerability in MOVEit Gateway allows an attacker to circumvent authentication mechanisms, effectively gaining access to the system without proper credentials. This could enable unauthorized data exfiltration, modification, or deletion. Successful exploitation could lead to a complete compromise of the MOVEit Gateway instance and potentially the underlying systems it connects to. Given MOVEit's role in secure file transfer, the potential impact is significant, particularly for organizations handling sensitive data like financial records, intellectual property, or personal information. The severity is amplified by the potential for lateral movement within the network if the Gateway is not properly segmented.
CVE-2024-5805 was publicly disclosed on June 25, 2024. Its CRITICAL CVSS score indicates a high probability of exploitation. While no public proof-of-concept (PoC) code has been released as of this writing, the ease of exploitation inherent in an authentication bypass vulnerability suggests a high likelihood of rapid PoC development and subsequent exploitation attempts. The vulnerability is not currently listed on CISA KEV, but given its severity, it may be added in the future.
Exploit Status
EPSS: 0.65% (71st percentile)
The primary mitigation for CVE-2024-5805 is to immediately upgrade to MOVEit Gateway version 2024.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the SFTP modules to trusted networks or users. Monitor SFTP logs for unusual activity and implement stricter authentication policies. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests targeting the authentication endpoints. No specific Sigma or YARA rules are currently available, but monitoring for unusual authentication attempts is crucial.
Update MOVEit Gateway to version 2024.0.1 or later. See the Progress security bulletin for detailed update instructions.
CVE-2024-5805 is a critical vulnerability in Progress MOVEit Gateway's SFTP modules that allows attackers to bypass authentication, potentially gaining unauthorized access to sensitive data.
If you are running MOVEit Gateway versions 2024.0.0 or 2024.0.1, you are affected by this vulnerability. Immediate action is required.
Upgrade to MOVEit Gateway version 2024.0.1 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like restricting access.
While no public exploits are currently available, the high severity and ease of exploitation suggest a high likelihood of exploitation attempts.
Refer to the official Progress MOVEit security advisory for details: [https://success.progress.com/app/kb/articles/193600](https://success.progress.com/app/kb/articles/193600)