Vulnerabilities

CVE-2024-5806 MOVEit Transfer Authentication Bypass / 2024-5805 MOVEit Gateway Authentication Bypass

This advisory is for organizations that use MOVEit Transfer and/or MOVEit Gateway. If your organization does not use this platform, this notification may be discarded.


Summary

Progress has released patches to address a vulnerability discovered in its MOVEit Transfer and MOVEit Gateway platforms. The vulnerability may allow an attacker to bypass the SFTP (Secure File Transfer Protocol) authentication process and thereby gain access to MOVEit Transfer and MOVEit Gateway systems. Additional research indicates that this vulnerability may also be used to impersonate any user on the server.


CVE-2024-5806: CVSSv3.1: 9.1

               Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass


CVE-2024-5805: CVSSv3.1: 9.1

               Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP module) allows Authentication Bypass


Affected Platforms

MOVEit Transfer prior to v 2023.0.11

MOVEit Transfer prior to v 2023.1.6

MOVEit Transfer prior to v 2024.0.2

MOVEit Gateway prior to v 2024.0.1
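To turn the version thresholds above into a repeatable check, the following is an added example in Python; it is not Progress tooling and is not code from this advisory. It parses MOVEit version strings, compares each against the first fixed build of its release branch as listed above, and groups a constructed sample inventory by verdict. The host names and versions in the inventory are constructed sample data, and the rule that release branches not listed in the advisory receive a "not-covered" verdict rather than a guess is an assumption of the example.

```python
"""Triage installed MOVEit versions against the fixed versions in this advisory.

Added example, not Progress tooling. The inventory below is constructed sample
input; the fixed-version thresholds come from the advisory's Affected Platforms list.
"""

# First patched build per release branch, as listed in the advisory.
# Key: (product, year, minor) -> first build that contains the fix.
FIXED_BUILDS = {
    ("MOVEit Transfer", 2023, 0): 11,  # fixed in 2023.0.11
    ("MOVEit Transfer", 2023, 1): 6,   # fixed in 2023.1.6
    ("MOVEit Transfer", 2024, 0): 2,   # fixed in 2024.0.2
    ("MOVEit Gateway", 2024, 0): 1,    # fixed in 2024.0.1
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'YYYY.minor.build'; an optional leading 'v' is tolerated."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    year, minor, build = (int(p) for p in parts)
    return year, minor, build


def assess(product: str, version: str) -> str:
    """Return 'vulnerable', 'patched' or 'not-covered' for one installation."""
    year, minor, build = parse_version(version)
    fixed = FIXED_BUILDS.get((product, year, minor))
    if fixed is None:
        # Assumption: branches the advisory does not list get no verdict here;
        # confirm against the vendor bulletin instead of guessing.
        return "not-covered"
    return "patched" if build >= fixed else "vulnerable"


# Constructed inventory: sample host names and versions, not real systems.
SAMPLE_INVENTORY = [
    ("mft-prod-01", "MOVEit Transfer", "2023.0.10"),
    ("mft-prod-02", "MOVEit Transfer", "2023.1.6"),
    ("mft-dr-01", "MOVEit Transfer", "2024.0.1"),
    ("gw-edge-01", "MOVEit Gateway", "2024.0.0"),
    ("gw-edge-02", "MOVEit Gateway", "2024.0.1"),
    ("mft-lab-01", "MOVEit Transfer", "2022.1.3"),
]


def triage(inventory) -> dict[str, list[str]]:
    """Group host names by verdict so the vulnerable list can go straight to a ticket."""
    out: dict[str, list[str]] = {"vulnerable": [], "patched": [], "not-covered": []}
    for host, product, version in inventory:
        out[assess(product, version)].append(host)
    return out


if __name__ == "__main__":
    for verdict, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{verdict:12s} {', '.join(hosts) or '-'}")
```

Hosts reported as "vulnerable" need the vendor patch from the Mitigations section; hosts reported as "not-covered" run a branch this advisory does not list and should be checked against the Progress bulletin directly.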


Mitigations

MOVEit Transfer: Patch as noted in: https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806

MOVEit Gateway: Patch as noted in: https://community.progress.com/s/article/MOVEit-Gateway-Critical-Security-Alert-Bulletin-June-2024-CVE-2024-5805

Progress notes additional mitigations that should be taken because of a third-party vulnerability, not named in the bulletin, that raises the risk of CVE-2024-5806. From Progress:

“Newly identified 3rd Party Vulnerability

A newly identified vulnerability in a third-party component used in MOVEit Transfer elevates the risk of the original issue mentioned above if left unpatched. While the patch distributed by Progress on June 11th successfully remediates the issue identified in CVE-2024-5806, this newly disclosed third-party vulnerability introduces new risk. Please work with your internal teams to take the following steps to mitigate the third-party vulnerability.”

  • Verify you have blocked public inbound RDP access to MOVEit Transfer Servers
  • Limit outbound access to only known trusted endpoints from the MOVEit Transfer Servers


Additional Resources

https://www.bleepingcomputer.com/news/security/hackers-target-new-moveit-transfer-critical-auth-bypass-bug/

https://nvd.nist.gov/vuln/detail/CVE-2024-5806

https://nvd.nist.gov/vuln/detail/CVE-2024-5805