Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

New MOVEit Transfer critical bug is actively exploited

Experts warn of active exploitation of a critical authentication bypass vulnerability in MOVEit Transfer file transfer software. Progress Software addressed two critical authentication bypass vulnerabilities, tracked as CVE-2024-5805 and CVE-2024-5806, affecting its MOVEit Transfer file transfer software. The vulnerability CVE-2024-5805 (CVSS score 9.1) is an improper authentication vulnerability in Progress MOVEit Gateway (SFTP module) that allows authentication […]

Progress LoadMaster

Experts warn of active exploitation of a critical authentication bypass vulnerability in MOVEit Transfer file transfer software.

Progress Software addressed two critical authentication bypass vulnerabilities, tracked as CVE-2024-5805 and CVE-2024-5806, affecting its MOVEit Transfer file transfer software.

The vulnerability CVE-2024-5805 (CVSS score 9.1) is an improper authentication vulnerability in Progress MOVEit Gateway (SFTP module) that allows authentication bypass. The vulnerability was discovered by Max Hase, it impacts MOVEit Gateway: 2024.0.0.

The vulnerability CVE-2024-5806 (CVSS score 9.1) is also an improper authentication vulnerability that resides in the Progress MOVEit Transfer (SFTP module) that can lead to authentication bypass.

This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.

The flaw CVE-2024-5806 was addressed with the release of versions 2023.0.11, 2023.1.6, and 2024.0.2. CVE-2024-5805 has been addressed with the release of version 2024.0.1. 

Progress highlighted that a recently discovered vulnerability in a third-party component raises the risk level for this CVE.

“We have addressed the MOVEit Transfer vulnerability and the Progress MOVEit team strongly recommends performing an upgrade to the latest version listed in the table below.” reads the advisory published Progress Software. “A newly identified vulnerability in a third-party component used in MOVEit Transfer elevates the risk of the original issue mentioned above if left unpatched. While the patch distributed by Progress on June 11th successfully remediates the issue identified in CVE-2024-5806, this newly disclosed third-party vulnerability introduces new risk. Please work with your internal teams to take the following steps to mitigate the third-party vulnerability.”

The company recommends customers mitigate third-party vulnerability by verifying they have blocked public inbound RDP access to MOVEit Transfer server(s), and limiting outbound access to only known trusted endpoints from MOVEit Transfer server(s).

Experts warned of exploitation attempts targeting the vulnerability CVE-2024-5806.

WatchTowr researchers published a detailed analysis of the flaw CVE-2024-5806, they added that Progress has been proactively contacting customers for weeks or months to ensure they address the CVE-2024-5806.

“Clearly, this is a serious vulnerability. It is also somewhat difficult to diagnose, given the knowledge of the SSH protocol and a considerable .NET reverse-engineering effort required.” reads the advisory published by WatchTowr. “However, the presence of the Illegal characters in path exception should grab the attention of any other researchers who are searching for the vulnerability, and the relative simplicity of exploitation lends itself to ‘accidental’ discovery.”

Researchers at Shadowserver Foundation also reported observing exploitation attempts for CVE-2024-5806 and urge customers to address it.

Users can track Progress MOVEit Transfer exposed instances through the Shadowserver dashboard. At the time of this writing, there are more than 1,700 internet-facing instances, most of them in the US.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Progress MOVEit Transfer)