Another vulnerability in Progress Software's MoveIt Transfer product is under attack amid an apparent leak of the flaw's details.
In security alerts published on Tuesday, Progress detailed two critical improper authentication vulnerabilities: one tracked as CVE-2024-5806 affecting its MoveIt Transfer product, and another assigned CVE-2024-5805 in its MoveIt Gateway product.
Reports of exploitation attempts against CVE-2024-5806 are mounting, and given past attacks on the product, patching promptly is crucial.
Last year, the Clop ransomware group claimed thousands of MoveIt Transfer customers by exploiting a different zero-day vulnerability in the managed file transfer product.
The Shadowserver Foundation, a non-profit cybersecurity organization, began observing exploitation attempts against CVE-2024-5806 on Tuesday.
The organization emphasized that exploitation started promptly following public disclosure, a trend that's become increasingly concerning for the infosec industry.
Progress released fixes for both flaws on June 11 and urged users to upgrade to the latest MoveIt versions.
Progress clarified the disclosure timeline in a statement to TechTarget Editorial on Tuesday.
Progress said it still has not received reports of exploitation as of Wednesday.
Just prior to Progress Software's public disclosure of CVE-2024-5806 on Tuesday, cybersecurity vendor WatchTowr Labs revealed in a blog post that an anonymous source, who goes by the handle dav1d b141ne, had previously published details about the vulnerability in an internet relay chat.
According to a chat transcript sent to WatchTowr, dav1d b141ne said that Progress Software was contacting customers regarding an improper authentication bypass vulnerability in its MoveIt Transfer product.
While testing the vulnerability, WatchTowr researchers concluded that the issue actually involves two separate vulnerabilities: one in Progress MoveIt and one in a third-party library, the IPWorks SSH server.
WatchTowr stressed that the vulnerability results from the interplay between MoveIt and IPWorks SSH, specifically a failure to handle an error condition.
WatchTowr researchers stressed that this type of vulnerability is not easily discoverable, and it remains unclear how Progress Software and dav1d b141ne discovered it.
WatchTowr said Progress Software deserved credit, provided that it found the vulnerability during a routine code review and analyzed its root cause.
Progress Software has since removed 'limited scenarios' language from the advisory.
WatchTowr also applauded Progress Software's private disclosure process with customers that may have been ongoing for weeks or months.
Ryan Emmons, lead security researcher at Rapid7, also addressed the vulnerabilities in a blog post published on Tuesday and warned that exploitation could lead to an authentication bypass.
While testing a vulnerable MoveIt Transfer instance, Emmons said Rapid7 researchers discovered three concerning risks.
Caitlin Condon, director of vulnerability research and intelligence at Rapid7, told TechTarget Editorial that the security vendor had not received reports of exploitation as of Wednesday.
This Cyber News was published on www.techtarget.com. Publication date: Wed, 26 Jun 2024 19:13:05 +0000