Progress Software has disclosed two fresh vulnerabilities in its MOVEit file transfer products.
The first, tracked as CVE-2024-5806, is an authentication bypass affecting the MOVEit Transfer SFTP service in a default configuration.
It affects the Secure File Transfer Protocol service in MOVEit Transfer 2023.0.0 up to but not including 2023.0.11, 2023.1.0 up to but not including 2023.1.6, and 2024.0.0 up to but not including 2024.0.2; in each case the upper bound is the fixed release.
The second is an SFTP-associated authentication bypass vulnerability affecting MOVEit Gateway from version 2024.0.0.
Both carry a CVSS score of 9.1. Progress classes them as high severity, although 9.1 sits in the CVSS v3 "Critical" band (9.0 and above), so they should be treated with the urgency of a critical flaw.
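As an added check (not code from Progress, Rapid7 or the magazine), here is a small triage helper that maps a MOVEit Transfer version string onto the affected ranges listed above, treating the upper bound of each range as the fixed release. The host names and version strings in the sample inventory are constructed for illustration.

```python
"""Triage helper for the MOVEit Transfer ranges of CVE-2024-5806.

Added example for this page, not Progress or Rapid7 code. The three affected
ranges come from the advisory summary above; the upper bound of each range is
the fixed release, so each range is half-open: [first affected, fixed).
"""
import re
from typing import NamedTuple, Optional, Tuple

Version = Tuple[int, int, int]  # (year, major, minor), e.g. 2023.1.5


class AffectedRange(NamedTuple):
    first: Version  # first affected build of the branch
    fixed: Version  # first patched build (exclusive upper bound)


# MOVEit Transfer ranges from the June 25 advisory as summarised on this page.
CVE_2024_5806_TRANSFER = [
    AffectedRange((2023, 0, 0), (2023, 0, 11)),
    AffectedRange((2023, 1, 0), (2023, 1, 6)),
    AffectedRange((2024, 0, 0), (2024, 0, 2)),
]

# MOVEit versions are year.major[.minor]; a product name or trailing build
# number ("MOVEit Transfer 2023.1.5 (15.1.5.123)") is tolerated and ignored.
_VERSION_RE = re.compile(r"(\d{4})\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Extract (year, major, minor); a missing minor component is treated as 0."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no year.major[.minor] version found in {text!r}")
    year, major, minor = m.groups()
    return int(year), int(major), int(minor or 0)


def fmt(v: Version) -> str:
    return ".".join(str(part) for part in v)


def triage_transfer(version: str, ranges=CVE_2024_5806_TRANSFER) -> Tuple[str, Optional[str]]:
    """Classify a MOVEit Transfer build against the advisory ranges.

    Returns (status, fixed_release):
      "affected"   - inside a listed range; fixed_release is the build to move to
      "patched"    - on a listed branch at or above its fixed release
      "not_listed" - branch not covered by the advisory (for example an
                     end-of-life 2022.x build); do not read this as "safe"
    """
    v = parse_version(version)
    for r in ranges:
        if v[:2] != r.first[:2]:  # only compare within the same year.major branch
            continue
        status = "affected" if v < r.fixed else "patched"
        return status, fmt(r.fixed)
    return "not_listed", None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = {
        "mft-01": "MOVEit Transfer 2023.1.5",
        "mft-02": "2024.0.2",
        "mft-03": "2022.1.9",
    }
    for host, ver in inventory.items():
        print(host, ver, "->", triage_transfer(ver))
```

The "not_listed" result is deliberate: a build older than the earliest listed branch is outside the advisory's scope, not confirmed unaffected, and an unsupported branch should be upgraded rather than assumed safe.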
Attackers could exploit these improper authentication vulnerabilities to bypass SFTP authentication and gain access to MOVEit Transfer and Gateway, said a Progress security advisory published on June 25.
Cybersecurity firm Rapid7 analyzed typical exploitation patterns in a recent blog post.
Rapid7 also observed that installers for the patched version of the MOVEit Transfer have been available on VirusTotal since at least June 11, 2024.
Vulnerability details and proof-of-concept exploit code are publicly available for CVE-2024-5806.
The Shadowserver Foundation has reported exploit attempts against its honeypots as of the evening of June 25.
Rapid7 recommended installing the patches provided by Progress for CVE-2024-5806 on an emergency basis, without waiting for a regular patch cycle.
This new incident comes roughly a year after a series of vulnerabilities in the MOVEit product range was discovered, which led to a wave of attacks in 2023, many of them successful, that impacted organizations worldwide.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Wed, 26 Jun 2024 19:10:06 +0000