Batten down the hatches, it’s time to patch some more MOVEit bugs

June 26, 2024 at 09:35AM

Progress Software revealed new vulnerabilities affecting MOVEit Transfer and Gateway, including critical authentication bypass-style flaws with a severity score of 9.1. Last year’s breaches affected 2,773 organizations, prompting an embargo on the information until June 25 to allow for patching. The vulnerabilities could lead to file-less attacks and should be addressed promptly.

The main takeaways from the article are:

1. Progress Software has identified critical vulnerabilities, CVE-2024-5805 and CVE-2024-5806, affecting MOVEit Transfer and Gateway, with a severity score of 9.1.

2. CVE-2024-5806 affects MOVEit Transfer and could potentially allow forced-authentication attacks in which an attacker assumes the identity of an SFTP user. Researchers consider it the less severe of the two bugs, but it still carries a critical severity score. The vulnerability affects versions from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, and from 2024.0.0 before 2024.0.2.

3. According to Shadowserver's telemetry, exploitation attempts against CVE-2024-5806 have already been observed, which makes patching urgent.

4. CVE-2024-5805 affects MOVEit Gateway. It is an authentication bypass bug with a severity score similar to that of CVE-2024-5806, but it affects fewer users: it only impacts version 2024.0.0, and Gateway is an optional add-on for MOVEit Transfer customers, which reduces the exposed population.

5. It is advised that patches for both CVE-2024-5805 and CVE-2024-5806 are applied as soon as possible.
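The version ranges in the takeaways above are the only actionable detail an administrator has to work with until the hosts are patched. The following is an added example (not code from the article, from Progress Software, or from any vendor tooling) that checks an installed MOVEit Transfer or Gateway version against exactly those ranges, so an inventory export can be triaged before the patch window. The inventory lines are constructed sample data, and the host names and the `transfer`/`gateway` product labels are assumptions for the example; the summary states no fixed Gateway build, so the Gateway check only flags 2024.0.0 and reports anything else as not listed.

```python
"""Triage MOVEit Transfer / Gateway versions against the affected ranges
stated in the advisory summary for CVE-2024-5806 and CVE-2024-5805.

Added example; not Progress Software's code. Only the version ranges
quoted in the summary are encoded here.
"""
from typing import List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'2023.0.11' -> (2023, 0, 11); numeric tuples compare correctly
    (2023.0.10 < 2023.0.11, which a plain string compare would get wrong)."""
    return tuple(int(part) for part in text.strip().split("."))


# CVE-2024-5806 (MOVEit Transfer): lower bound inclusive, upper bound exclusive,
# copied from the summary ("from 2023.0.0 before 2023.0.11", etc.).
TRANSFER_AFFECTED: List[Tuple[str, str]] = [
    ("2023.0.0", "2023.0.11"),
    ("2023.1.0", "2023.1.6"),
    ("2024.0.0", "2024.0.2"),
]

# CVE-2024-5805 (MOVEit Gateway): the summary lists 2024.0.0 as the only
# affected build and names no fixed build.
GATEWAY_AFFECTED: Version = parse_version("2024.0.0")


def assess_transfer(version: str) -> str:
    """Return 'vulnerable', 'patched', or 'not in listed branches'.

    A version on a branch the summary does not mention (e.g. 2022.x) is
    deliberately NOT reported as safe; it simply is not covered by the text."""
    v = parse_version(version)
    for lo, hi in TRANSFER_AFFECTED:
        lo_t, hi_t = parse_version(lo), parse_version(hi)
        if lo_t <= v < hi_t:
            return "vulnerable"
        if v[:2] == lo_t[:2] and v >= hi_t:
            return "patched"
    return "not in listed branches"


def assess_gateway(version: str) -> str:
    """Return 'vulnerable' for the one listed build, else 'not listed as affected'."""
    if parse_version(version) == GATEWAY_AFFECTED:
        return "vulnerable"
    return "not listed as affected"


# Constructed sample inventory: host,product,version (assumed CSV layout).
INVENTORY = """\
# host,product,version
sftp-01,transfer,2023.0.10
sftp-02,transfer,2023.1.6
sftp-03,transfer,2024.0.1
gw-01,gateway,2024.0.0
legacy-01,transfer,2022.1.5
"""


def triage(inventory: str) -> List[Tuple[str, str, str]]:
    """Map each inventory row to (host, product, assessment)."""
    rows: List[Tuple[str, str, str]] = []
    for line in inventory.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        host, product, version = (field.strip() for field in line.split(","))
        assess = assess_transfer if product == "transfer" else assess_gateway
        rows.append((host, product, assess(version)))
    return rows


if __name__ == "__main__":
    for host, product, status in triage(INVENTORY):
        print(f"{host:<10} {product:<9} {status}")
```

The "not in listed branches" outcome is intentional: a host running a branch the advisory does not mention is out of scope for this check, not cleared by it, and should be handled under the vendor's support policy rather than marked safe.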

These takeaways cover the critical details of the vulnerabilities affecting MOVEit Transfer and Gateway and underline the need for prompt patching.