Platform: moveit-transfer
Component: moveit-transfer
Fixed in: 2023.0.11, 2023.1.6, 2024.0.2
CVE-2024-5806 is an Improper Authentication vulnerability in the SFTP module of Progress MOVEit Transfer. The flaw allows attackers to bypass authentication controls, potentially leading to unauthorized access and data breaches. The vulnerability impacts MOVEit Transfer versions from 2023.0.0 through 2024.0.2. A fix is available in version 2024.0.2, with corresponding fixed builds 2023.0.11 and 2023.1.6 for the 2023.0 and 2023.1 branches.
Successful exploitation of CVE-2024-5806 allows an attacker to bypass authentication mechanisms within the MOVEit Transfer SFTP module. This means an attacker can potentially access sensitive data stored within the MOVEit Transfer system without proper credentials. The scope of data access depends on the attacker's privileges after bypassing authentication, but could include confidential documents, financial records, and personally identifiable information (PII). Lateral movement within the network is possible if the MOVEit Transfer server has access to other systems, allowing the attacker to compromise additional assets. Given MOVEit Transfer's role in secure file transfer, this vulnerability poses a significant risk to organizations handling sensitive data.
CVE-2024-5806 was publicly disclosed on June 25, 2024. The CVSS score of 9.1 (CRITICAL) reflects the severity of the flaw, and its EPSS score (89.94%, below) indicates a high probability of exploitation. While no public proof-of-concept (PoC) code has been released as of this writing, the ease of exploiting authentication bypass vulnerabilities suggests that a PoC could emerge quickly. Given the severity and the potential for widespread impact, organizations should prioritize patching.
Exploit Status
EPSS: 89.94% (100th percentile)
The primary mitigation for CVE-2024-5806 is to immediately upgrade to version 2024.0.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the SFTP module to only authorized users and implement multi-factor authentication (MFA) where possible. Monitor MOVEit Transfer logs for suspicious activity, particularly failed login attempts and unusual file access patterns. Consider implementing a Web Application Firewall (WAF) with rules to detect and block attempts to exploit the authentication bypass. After upgrading, verify the fix by attempting to access the SFTP module with invalid credentials to confirm authentication is properly enforced.
Update MOVEit Transfer to the latest available version. Refer to the Progress security bulletin for specific instructions on how to apply the update and mitigate the vulnerability. It is recommended to apply the update as soon as possible to prevent potential attacks.
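To make the version check above concrete, here is an added helper (not Progress's code and not from the advisory) that reports whether an installed MOVEit Transfer build is below the fixed build for its branch, using only the fixed versions listed on this page. It assumes version strings of the form major.minor.patch; branches the advisory does not list are rejected rather than guessed.

```python
from typing import Optional, Tuple

# Fixed builds listed in this advisory, keyed by release branch (major.minor).
FIXED_IN = {
    (2023, 0): (2023, 0, 11),
    (2023, 1): (2023, 1, 6),
    (2024, 0): (2024, 0, 2),
}

# Start of the affected range as stated by the advisory.
FIRST_AFFECTED = (2023, 0, 0)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a version string such as '2023.1.5' into (major, minor, patch).

    A missing patch component is treated as 0, so '2024.0' -> (2024, 0, 0).
    Anything that is not two or three dot-separated integers is rejected.
    """
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def required_upgrade(version: str) -> Optional[str]:
    """Return the fixed build this installation should move to, or None.

    None means the build is already at or above the fix for its branch, or
    predates the affected range entirely. A branch the advisory does not
    cover raises ValueError so it is never silently reported as safe.
    """
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return None  # outside the stated affected range
    branch = (v[0], v[1])
    fix = FIXED_IN.get(branch)
    if fix is None:
        raise ValueError(f"branch {branch[0]}.{branch[1]} is not covered by this advisory")
    return ".".join(map(str, fix)) if v < fix else None


if __name__ == "__main__":
    # Constructed sample inputs, not data from a real deployment.
    for sample in ("2023.0.5", "2023.1.6", "2024.0.1", "2024.0.2"):
        target = required_upgrade(sample)
        print(f"{sample}: {'upgrade to ' + target if target else 'at or above fixed build'}")
```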
CVE-2024-5806 is a critical vulnerability in Progress MOVEit Transfer's SFTP module allowing attackers to bypass authentication and potentially gain unauthorized access to sensitive data.
If you are using MOVEit Transfer versions 2023.0.0 through 2024.0.2, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
The recommended fix is to upgrade to version 2024.0.2 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting access and enabling MFA.
While no public exploits are currently known, the high CVSS score and ease of exploitation suggest a high probability of active exploitation. Proactive patching is crucial.
Refer to the official Progress MOVEit Transfer security advisory for CVE-2024-5806 on the Progress website.