June 26, 2024 at 06:05AM
Progress Software has announced patches for two critical authentication bypass vulnerabilities in its MOVEit Transfer file transfer software. The flaws are tracked as CVE-2024-5805 and CVE-2024-5806, and the latter was already being targeted by exploitation attempts at the time of disclosure. The company released patches for both and published additional mitigations for a third-party component vulnerability that raises the risk of CVE-2024-5806.
Key takeaways:
– Progress Software publicly announced patches for two critical authentication bypass vulnerabilities affecting its MOVEit Transfer file transfer software.
– CVE-2024-5805 and CVE-2024-5806 are described as improper authentication issues in MOVEit Transfer’s SFTP module.
– CVE-2024-5806 has been patched with the release of MOVEit Transfer versions 2023.0.11, 2023.1.6, and 2024.0.2.
– CVE-2024-5805 impacts version 2024.0.0 and has been fixed with the release of version 2024.0.1.
– Progress noted a third-party component vulnerability that elevates the risk of CVE-2024-5806 and provided mitigations to apply until a patch for that component becomes available.
– WatchTowr publicly detailed CVE-2024-5806 and a forced authentication vulnerability affecting the IPWorks SSH server library used by MOVEit Transfer.
– Shadowserver Foundation reported exploitation attempts targeting CVE-2024-5806, and Rapid7 mentioned honeypot activity related to the exploitation attempts.
– Roughly 1,700 internet-exposed MOVEit Transfer instances were observed by Shadowserver, with the majority in North America.
– Censys analysis showed 2,700 MOVEit Transfer instances online, concentrated in the United States, United Kingdom, and Germany.
– CISA warned about attacks targeting a flaw in Progress Software’s Telerik Report Server, and related critical vulnerabilities in Progress’s other products have been reported.