Another MOVEit vulnerability: PATCH immediately!

In Data Breach News, Vulnerabilities
June 26, 2024

Once again, threat actors are jumping to exploit a newly identified vulnerability in Progress MOVEit Transfer software. As Bleeping Computer reports, exploit attempts were noted less than 24 hours after the vendor disclosed the vulnerability.

The new security issue received the identifier CVE-2024-5806 and allows attackers to bypass the authentication process in the Secure File Transfer Protocol (SFTP) module, which is responsible for file transfer operations over SSH.

An attacker leveraging this flaw could access sensitive data stored on the MOVEit Transfer server, upload, download, delete, or modify files, and intercept or tamper with file transfers.

The Register provides additional details:

Progress Software initially contacted users on June 13 about CVE-2024-5805 and CVE-2024-5806, both of which it classifies as authentication bypass-style vulnerabilities, each carrying a critical 9.1 severity score. 

The information was under embargo until June 25 to allow adequate time for patching, which was probably a good call given that 2,773 organizations were breached by Cl0p in last year’s MOVEit-related disaster, per Emsisoft’s tracker.

If you use the products and haven’t patched yet, you would be wise to patch urgently.