June 26, 2024 at 10:59AM
Threat actors are actively exploiting a critical authentication bypass flaw in Progress MOVEit Transfer, enabling them to access sensitive data and manipulate file transfers. Exploitation attempts have been observed, with approximately 2,700 internet-exposed instances identified. Mitigation measures, security updates, and patches have been released, and organizations are urged to take immediate action.
Summary:
– Progress MOVEit Transfer has disclosed a critical authentication bypass flaw, CVE-2024-5806, which allows attackers to bypass the authentication process in the SFTP module.
– Exploitation attempts have been reported shortly after the flaw was disclosed, with around 2,700 internet-exposed MOVEit Transfer instances, primarily in the US, UK, Germany, Canada, and the Netherlands.
– Patch updates are available for impacted product versions, and MOVEit Cloud customers have automatically received the patches.
– A separate vulnerability in a third-party component elevates the risks associated with CVE-2024-5806, prompting system administrators to block RDP access and restrict outbound connections until a fix is available.
– Another security bulletin addresses a similar authentication bypass issue, CVE-2024-5805, impacting MOVEit Gateway 2024.0.0.
Action Items:
– Organizations using impacted MOVEit Transfer versions need to apply the related security updates and mitigations as soon as possible.
– Customers without a current maintenance agreement should contact the Renewals team or Progress partner representative to resolve the issue.
– MOVEit Cloud customers do not need to take any action as patches have already been automatically deployed.
– System administrators should also mitigate the separate vulnerability in the third-party component by blocking RDP access and restricting outbound connections until a fix is made available.
Overall, it is crucial for organizations using Progress MOVEit Transfer to promptly address the vulnerabilities by applying the available security updates and mitigations to prevent exploitation attempts and potential data breaches.