Platform: moveit-transfer
Component: moveit-gateway
Fixed in: 2024.0.1
CVE-2024-5805 describes an Improper Authentication vulnerability within Progress MOVEit Gateway's SFTP modules. This flaw allows attackers to bypass authentication controls, leading to potential unauthorized access and data breaches. The vulnerability impacts MOVEit Gateway versions 2024.0.0 and 2024.0.1. A patch is available in version 2024.0.1.
The Authentication Bypass vulnerability in MOVEit Gateway allows an attacker to circumvent authentication mechanisms, effectively gaining access to the system without proper credentials. This could enable unauthorized data exfiltration, modification, or deletion. Successful exploitation could lead to a complete compromise of the MOVEit Gateway instance and potentially the underlying systems it connects to. Given MOVEit's role in secure file transfer, the potential impact is significant, particularly for organizations handling sensitive data like financial records, intellectual property, or personal information. The severity is amplified by the potential for lateral movement within the network if the Gateway is not properly segmented.
CVE-2024-5805 was publicly disclosed on June 25, 2024. Its CRITICAL CVSS score indicates a high probability of exploitation. While no public proof-of-concept (PoC) code has been released as of this writing, the ease of exploitation inherent in an authentication bypass vulnerability suggests a high likelihood of rapid PoC development and subsequent exploitation attempts. The vulnerability is not currently listed on CISA KEV, but given its severity, it may be added in the future.
Organizations heavily reliant on MOVEit Gateway for secure file transfers, particularly those handling sensitive data such as financial institutions, healthcare providers, and government agencies, are at significant risk. Those using MOVEit Gateway in cloud environments or shared hosting configurations should be especially vigilant, as these deployments may have increased exposure.
• linux / server: Monitor /opt/moveit/gateway/logs/moveit.log for authentication errors or unusual login patterns. Use journalctl -u moveit-gateway to check for related errors.
```
journalctl -u moveit-gateway | grep -i "authentication failed"
```
• generic web: Use curl to test SFTP endpoints with invalid credentials and observe the response. Look for responses that do not properly enforce authentication.
```
curl -v -u 'invalid_user:invalid_password' sftp://your_moveit_gateway_ip/ # Check for successful connection despite invalid credentials
```
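The log-monitoring step above can go beyond grepping for failures: for an authentication bypass, the stronger signal is SFTP file activity in a session that never logged a successful login. The sketch below is an added example, not Progress code or part of the original page; the log line layout and the field names `session`, `src` and `event` are assumptions, since the page does not show MOVEit Gateway's real log format.

```python
import re
from collections import Counter

# Constructed sample lines. The page does not show MOVEit Gateway's real log
# layout, so the field names (session, src, event) are assumptions to adapt.
SAMPLE_LOG = """\
2024-06-26T10:00:01Z sftp session=a1 src=203.0.113.10 event=connect
2024-06-26T10:00:02Z sftp session=a1 src=203.0.113.10 event=auth_ok user=alice
2024-06-26T10:00:03Z sftp session=a1 src=203.0.113.10 event=file_read path=/in/report.csv
2024-06-26T10:05:00Z sftp session=b2 src=198.51.100.7 event=connect
2024-06-26T10:05:01Z sftp session=b2 src=198.51.100.7 event=auth_failed user=svc_backup
2024-06-26T10:05:02Z sftp session=b2 src=198.51.100.7 event=file_list path=/
2024-06-26T10:06:00Z sftp session=c3 src=198.51.100.9 event=auth_failed user=root
2024-06-26T10:06:01Z sftp session=c3 src=198.51.100.9 event=auth_failed user=admin
2024-06-26T10:06:02Z sftp session=c3 src=198.51.100.9 event=auth_failed user=test
"""

LINE_RE = re.compile(r"session=(?P<sid>\S+) src=(?P<src>\S+) event=(?P<event>\S+)")
# Events that should only ever appear after a successful login (assumed names).
POST_AUTH_EVENTS = {"file_read", "file_write", "file_list", "file_delete"}


def find_auth_anomalies(lines, max_failures=3):
    """Return (file activity seen before any auth_ok in its session, noisy sources)."""
    authenticated = set()            # session ids that logged auth_ok
    unauthenticated_activity = []    # (session, src, event), in log order
    failures = Counter()             # failed logins per source address
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the assumed layout
        sid, src, event = m["sid"], m["src"], m["event"]
        if event == "auth_ok":
            authenticated.add(sid)
        elif event == "auth_failed":
            failures[src] += 1
        elif event in POST_AUTH_EVENTS and sid not in authenticated:
            unauthenticated_activity.append((sid, src, event))
    noisy = sorted(src for src, n in failures.items() if n >= max_failures)
    return unauthenticated_activity, noisy


if __name__ == "__main__":
    bypass, noisy = find_auth_anomalies(SAMPLE_LOG.splitlines())
    for sid, src, event in bypass:
        print(f"ALERT session {sid} from {src}: {event} without successful authentication")
    for src in noisy:
        print(f"WARN {src}: repeated authentication failures")
```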
EPSS: 0.65% (71st percentile)
The primary mitigation for CVE-2024-5805 is to immediately upgrade to MOVEit Gateway version 2024.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the SFTP modules to trusted networks or users. Monitor SFTP logs for unusual activity and implement stricter authentication policies. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests targeting the authentication endpoints. No specific Sigma or YARA rules are currently available, but monitoring for unusual authentication attempts is crucial.
Upgrade MOVEit Gateway to version 2024.0.1 or later. See the Progress security bulletin for detailed upgrade instructions.
CVE-2024-5805 is a critical vulnerability in Progress MOVEit Gateway's SFTP modules that allows attackers to bypass authentication, potentially gaining unauthorized access to sensitive data.
If you are running MOVEit Gateway versions 2024.0.0 or 2024.0.1, you are affected by this vulnerability. Immediate action is required.
Upgrade to MOVEit Gateway version 2024.0.1 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like restricting access.
While no public exploits are currently available, the high severity and ease of exploitation suggest a high likelihood of exploitation attempts.
Refer to the official Progress MOVEit security advisory for details: [https://success.progress.com/app/kb/articles/193600](https://success.progress.com/app/kb/articles/193600)