CVEs: CVE-2024-5806
Fortra is actively researching CVE-2024-5806, an improper authentication vulnerability in the SFTP module of Progress MOVEit Transfer that can lead to authentication bypass. Customers should upgrade to a patched release to remediate this vulnerability.
Who is affected?
This vulnerability affects the following versions of MOVEit Transfer:
- MOVEit Transfer 2023.0.0 before 2023.0.11
- MOVEit Transfer 2023.1.0 before 2023.1.6
- MOVEit Transfer 2024.0.0 before 2024.0.2
What can I do?
Progress has addressed the vulnerability and recommends upgrading to the fixed release for your branch:
- MOVEit Transfer 2023.0.11
- MOVEit Transfer 2023.1.6
- MOVEit Transfer 2024.0.2
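The affected ranges above are branch-relative: a build is exposed only if it sits on one of the three listed branches and is below that branch's fixed release, so a naive "version < 2024.0.2" comparison gets the 2023.x branches wrong. The script below, an added example and not Fortra's or Progress's code, classifies a constructed host inventory against the fixed releases named in this advisory. The hostnames and version strings are made up, and the mapping from installer-style build numbers (15.0.x, 15.1.x, 16.0.x) to the 2023.0, 2023.1 and 2024.0 release names is an assumption not stated on this page; verify it against your own install if you rely on it.

```python
"""Classify MOVEit Transfer versions against the CVE-2024-5806 affected ranges.

Added example, not Fortra or Progress code. Affected if the build is on a
listed branch and below that branch's fixed release.
"""
import re

# Fixed releases named in the advisory, keyed by (year, branch).
# Any build on one of these branches below the fixed release is affected.
FIXED_RELEASES = {
    (2023, 0): (2023, 0, 11),
    (2023, 1): (2023, 1, 6),
    (2024, 0): (2024, 0, 2),
}

# Installer-style build numbering (assumption, not from the advisory):
# 15.0.x = 2023.0.x, 15.1.x = 2023.1.x, 16.0.x = 2024.0.x.
INTERNAL_TO_BRANCH = {(15, 0): (2023, 0), (15, 1): (2023, 1), (16, 0): (2024, 0)}


def parse_version(text):
    """Return (year, branch, patch) from '2023.1.5' or '16.0.1.59'.

    Trailing build components are ignored; installer-style numbering is
    translated to the release names used in the advisory.
    """
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised MOVEit Transfer version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    year, branch = INTERNAL_TO_BRANCH.get((major, minor), (major, minor))
    return (year, branch, patch)


def is_vulnerable(text):
    """True if affected, False if at or above the fixed release.

    Returns None for branches the advisory does not mention (e.g. 2022.x),
    since the advisory makes no statement about them; treat those as
    unsupported rather than safe.
    """
    year, branch, patch = parse_version(text)
    fixed = FIXED_RELEASES.get((year, branch))
    if fixed is None:
        return None
    return (year, branch, patch) < fixed


def triage(inventory):
    """Bucket hosts as vulnerable / patched / unlisted. inventory: host -> version."""
    report = {"vulnerable": [], "patched": [], "unlisted": []}
    for host, version in inventory.items():
        state = is_vulnerable(version)
        bucket = "unlisted" if state is None else ("vulnerable" if state else "patched")
        report[bucket].append(host)
    for hosts in report.values():
        hosts.sort()
    return report


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "mft-prod-01": "2023.1.5",    # one patch below 2023.1.6
    "mft-prod-02": "16.0.1.59",   # installer-style, maps to 2024.0.1
    "mft-dr-01": "2023.0.11",     # fixed release on the 2023.0 branch
    "mft-legacy": "2022.1.9",     # branch not covered by the advisory
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it the version strings from your asset inventory or from the MOVEit Transfer installer entry on each host; anything in the "unlisted" bucket is on a branch this advisory does not cover and needs a separate decision.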
For more information about this vulnerability and upgrade details, refer to the Progress security advisory.
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities. The following detections are currently available.
Alert Logic Network IDS: Alert Logic released IDS signatures to detect public key injection attempts via HTTP.
Alert Logic Vulnerability Scanning: Alert Logic released agent-based scan coverage on June 29, 2024, and authenticated scan coverage on July 1, 2024, to check for vulnerable hosts. If the vulnerability is found, an exposure (EID: 267763) will be raised for CVE-2024-5806.
Alert Logic Log Management: Alert Logic has deployed and is actively monitoring log telemetry related to known IOCs.
FortraVM: FortraVM released authenticated scan coverage on July 11, 2024, via scanner version 4.46.0. If the vulnerability is found, vulnerability 160122 "Progress MOVEit Transfer Improper Authentication Vulnerability (High)" will be raised.
Tripwire IP360: Tripwire released remote and authenticated scan coverage on July 16, 2024, to identify vulnerable instances. If the vulnerability is found, Tripwire vulnerability 644609 will match for CVE-2024-5806.
Updates
Fortra has kicked off the Emerging Threats process for this vulnerability. This article will be updated with new information about this vulnerability and related security coverage as it becomes available.
06/26/2024: Alert Logic released log telemetry related to known IOCs.
06/29/2024: Alert Logic released agent-based scan coverage to check for vulnerable hosts.
07/01/2024: Alert Logic released authenticated scan coverage to check for vulnerable hosts.
07/05/2024: Alert Logic released IDS signatures to detect public key injection attempts via HTTP.
07/11/2024: FortraVM released authenticated scan coverage to check for vulnerable hosts.
07/16/2024: Tripwire released remote and authenticated scan coverage to identify vulnerable instances.