Platform
moveit-transfer
Component
moveit-transfer
Fixed in
2023.0.11
2023.1.6
2024.0.2
CVE-2024-5806 is an Improper Authentication vulnerability in the SFTP module of Progress MOVEit Transfer. It allows an attacker to bypass the module's authentication controls, potentially leading to unauthorized access to transferred files and a data breach. It affects MOVEit Transfer 2023.0.x before 2023.0.11, 2023.1.x before 2023.1.6, and 2024.0.x before 2024.0.2; those three releases contain the fix, so the fixed release depends on which branch you run.
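Because the fixed release differs per branch, a version string has to be compared against the right one. The following is an added example (not Progress code and not part of this advisory) that classifies MOVEit Transfer version strings as vulnerable, fixed or unknown using only the fixed releases listed above. The mapping from the internal build numbering shown in the administrator UI (15.0.x, 15.1.x, 16.0.x) to the marketing branches is an assumption on my part and is not stated on this page; the sample inventory at the bottom is constructed.

```python
"""Classify MOVEit Transfer versions against the fixed releases for CVE-2024-5806.

Added example, not Progress code. The fixed releases come from the
"Fixed in" metadata of this advisory; everything else is an assumption
noted inline.
"""
from __future__ import annotations

# Fixed releases per marketing branch (year.minor -> year.minor.patch),
# taken from the "Fixed in" list of this advisory.
FIXED_RELEASES: dict[tuple[int, int], tuple[int, int, int]] = {
    (2023, 0): (2023, 0, 11),
    (2023, 1): (2023, 1, 6),
    (2024, 0): (2024, 0, 2),
}

# Assumption (not stated on this page): the internal build numbering shown in
# the administrator UI maps 15.0.x -> 2023.0.x, 15.1.x -> 2023.1.x and
# 16.0.x -> 2024.0.x. Adjust this table if your installation reports otherwise.
INTERNAL_TO_MARKETING: dict[tuple[int, int], tuple[int, int]] = {
    (15, 0): (2023, 0),
    (15, 1): (2023, 1),
    (16, 0): (2024, 0),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch[.build]' into a (major, minor, patch) tuple.

    Accepts both the marketing form ('2024.0.1') and the internal form
    ('16.0.1.20'); the internal form is normalised to its marketing branch
    so that both compare against the same fixed release. A trailing build
    component is ignored because the fix is identified at the patch level.
    """
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MOVEit Transfer version: {text!r}")
    major, minor, patch = (int(p) for p in parts[:3])
    branch = INTERNAL_TO_MARKETING.get((major, minor), (major, minor))
    return (branch[0], branch[1], patch)


def assess(text: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown' for CVE-2024-5806."""
    version = parse_version(text)
    fixed = FIXED_RELEASES.get(version[:2])
    if fixed is None:
        # Branches the advisory does not list (e.g. 2022.x) are reported as
        # unknown rather than guessed at; check the vendor bulletin for those.
        return "unknown"
    return "vulnerable" if version < fixed else "fixed"


def triage(versions: list[str]) -> dict[str, str]:
    """Assess several version strings, e.g. collected from a server inventory."""
    return {v: assess(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    sample = [
        "2023.0.10", "2023.0.11", "2023.1.5", "2023.1.6",
        "2024.0.1", "2024.0.2", "16.0.1.20", "2022.1.9",
    ]
    for ver, status in triage(sample).items():
        print(f"{ver:>12}  {status}")
```

Feed it the version string from each server's About page or installed-programs list; anything reported as vulnerable needs the fixed release for its branch, and anything reported as unknown is outside the branches this advisory covers.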
Successful exploitation of CVE-2024-5806 lets an attacker bypass the authentication mechanism of the MOVEit Transfer SFTP module and reach data stored in the system without valid credentials. The scope of that access depends on the privileges of the account the attacker ends up acting as, but could include confidential documents, financial records, and personally identifiable information (PII). If the MOVEit Transfer server can reach other systems, the foothold may also be used for lateral movement. Given MOVEit Transfer's role as a secure file transfer gateway, this vulnerability poses a significant risk to organizations handling sensitive data.
CVE-2024-5806 was publicly disclosed on June 25, 2024. Its CVSS base score of 9.1 (CRITICAL) measures severity, not likelihood of exploitation; the exploitation-probability signal is the EPSS figure of 89.94% recorded on this page, which is very high. While no public proof-of-concept (PoC) code had been released as of this writing, authentication bypasses are typically quick to weaponise, so a PoC should be assumed imminent. Given the severity and the potential for widespread impact, organizations should prioritize patching.
Organizations that rely on MOVEit Transfer for secure file transfer, particularly those handling sensitive data such as financial records or PII, are at significant risk. Shared hosting environments where multiple customers share one MOVEit Transfer instance are especially exposed, since a compromise of one customer's account could expose data belonging to other customers.
• Windows server: MOVEit Transfer runs only on Windows Server under IIS, so the Linux log path and systemd unit (`journalctl -u moveit-transfer`) originally listed here do not exist. Review the MOVEit Transfer application logs instead (the Logs view in the administrator web interface, and the log files under the installation directory, C:\MOVEitTransfer by default) for SFTP sessions from unexpected source addresses, SFTP logons for accounts that do not normally use SFTP, and file access outside a user's usual folders. Correlate with the Windows Security event log and the IIS logs on the same host.
• SFTP listener: probing with invalid credentials only confirms that the service rejects bad passwords; it does not exercise the bypass, and a clean rejection is not evidence that the fix is in place. Use it to confirm the listener is reachable and to record the server banner, and rely on the installed version for patch status. curl needs SFTP support compiled in (check that `curl -V` lists sftp under Protocols):
curl -v -u 'invalid_user:invalid_password' sftp://your-moveit-server/
• Windows host persistence: an authentication bypass by itself does not mean the host is compromised, but if exploitation is suspected, examine scheduled tasks, services and local accounts on the MOVEit Transfer server for unauthorized entries. Get-ScheduledTask lists the tasks and Get-ScheduledTaskInfo shows each task's last and next run times.
Exploit status
EPSS
89.94% (100th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-5806 is to upgrade to the fixed release for your branch: 2023.0.11, 2023.1.6 or 2024.0.2, or any later release. If upgrading is not immediately feasible, reduce exposure in the meantime: restrict network access to the SFTP listener to known client addresses at the firewall (the SFTP module speaks SSH, not HTTP, so a web application firewall does not see this traffic), disable SFTP for accounts that do not need it where the product allows it, and enable multi-factor authentication where the product supports it. Monitor MOVEit Transfer logs for suspicious activity, particularly SFTP logons from unexpected sources and unusual file access patterns. After upgrading, verify the fix by confirming that the version shown in the administrator interface is at or above the fixed release for your branch; a rejected logon with invalid credentials only shows that password checks work and says nothing about the bypass.
Update MOVEit Transfer to the latest available version. Consult the Progress security bulletin for specific instructions on applying the update and mitigating the vulnerability. Apply the update as soon as possible to prevent possible attacks.
CVE-2024-5806 is a critical vulnerability in Progress MOVEit Transfer's SFTP module allowing attackers to bypass authentication and potentially gain unauthorized access to sensitive data.
If you are running MOVEit Transfer 2023.0.x before 2023.0.11, 2023.1.x before 2023.1.6, or 2024.0.x before 2024.0.2, you are affected by this vulnerability. Check your version and upgrade immediately.
The recommended fix is to upgrade to the fixed release for your branch (2023.0.11, 2023.1.6 or 2024.0.2) or later. If an immediate upgrade is not possible, apply temporary workarounds such as restricting network access to the SFTP listener and enabling MFA.
While no public exploits were known as of this writing, the critical severity together with the very high EPSS score (89.94%) indicates a high probability of active exploitation. Proactive patching is crucial.
Refer to the official Progress MOVEit Transfer security advisory for CVE-2024-5806 on the Progress website.