Security Alert: Critical Vulnerabilities in MOVEit – CVE-2024-5805 and CVE-2024-5806


Two critical vulnerabilities have been identified in MOVEit software components: CVE-2024-5805 in MOVEit Gateway and CVE-2024-5806 in MOVEit Transfer. Both are improper authentication flaws in the products' SFTP modules, rated CVSS 9.1, that can allow an unauthenticated attacker to bypass SFTP authentication and gain unauthorized access. Any instance whose SFTP service is reachable from the internet should be treated as the highest priority.

CVE-2024-5805 affects MOVEit Gateway v2024.0.0 and is fixed in v2024.0.1. CVE-2024-5806 affects MOVEit Transfer on three release branches: 2023.0.x before 2023.0.11, 2023.1.x before 2023.1.6, and 2024.0.x before 2024.0.2 (the fixed builds are 2023.0.11, 2023.1.6 and 2024.0.2 respectively). The Transfer vulnerability also affected MOVEit Cloud environments, which Progress has already patched.
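Because the fix for CVE-2024-5806 landed on three separate release branches, a simple "newer than X" comparison gets the answer wrong (for example, 2023.1.6 is patched while the numerically larger 2024.0.1 is not). The following version triage helper is an added example written for this post, not code from Progress or from the advisory; it encodes the fixed builds listed above (Transfer 2023.0.11, 2023.1.6 and 2024.0.2; Gateway 2024.0.1) and the inventory at the bottom is constructed sample data.

```python
"""Triage MOVEit Transfer / Gateway version strings against the builds
that fix CVE-2024-5806 and CVE-2024-5805.

Added example for this advisory; not Progress code. Fixed versions are
the ones named in the Progress advisory. Branches not listed here are
reported as "unknown" rather than assumed safe.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Earliest patched build per release branch (major, minor).
TRANSFER_FIXED: Dict[Tuple[int, int], Version] = {
    (2023, 0): (2023, 0, 11),
    (2023, 1): (2023, 1, 6),
    (2024, 0): (2024, 0, 2),
}
GATEWAY_FIXED: Dict[Tuple[int, int], Version] = {
    (2024, 0): (2024, 0, 1),
}
FIXED_BY_PRODUCT = {"transfer": TRANSFER_FIXED, "gateway": GATEWAY_FIXED}


def parse_version(text: str) -> Version:
    """Turn '2024.0.1' or 'v2024.0.1' into a comparable (major, minor, patch) tuple."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MOVEit version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(product: str, version: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for one product/version pair.

    Comparison is done within the release branch: a build is patched only
    if it is at or above the fixed build for its own major.minor branch.
    """
    table = FIXED_BY_PRODUCT[product.lower()]
    v = parse_version(version)
    fixed = table.get((v[0], v[1]))
    if fixed is None:
        return "unknown"  # branch not covered by the advisory's fix list
    return "patched" if v >= fixed else "vulnerable"


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Assess an inventory of (hostname, product, version); vulnerable hosts first."""
    rows = [(host, product, version, assess(product, version))
            for host, product, version in inventory]
    order = {"vulnerable": 0, "unknown": 1, "patched": 2}
    return sorted(rows, key=lambda r: (order[r[3]], r[0]))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("mft-prod-01", "transfer", "2024.0.1"),
    ("mft-prod-02", "transfer", "v2023.1.6"),
    ("mft-legacy", "transfer", "2023.0.10"),
    ("mft-gw-dmz", "gateway", "2024.0.0"),
    ("mft-gw-old", "gateway", "2023.1.2"),
]

if __name__ == "__main__":
    for host, product, version, status in triage(SAMPLE_INVENTORY):
        print(f"{status:10s} {host:14s} {product:9s} {version}")
```

Feed it the product and version as reported by each server's MOVEit admin console; "unknown" means the branch is outside the advisory's fix list and needs a manual check against the vendor's support matrix, not that the host is safe.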

Progress Software has issued advisories urging customers to upgrade immediately to the patched releases. The upgrade requires a brief period of downtime for the affected system. Progress lists no workaround; upgrading is the only fix.

A detailed technical analysis and a proof-of-concept exploit for CVE-2024-5806 have been published by watchTowr Labs, and there are reports of threat actors attempting to exploit these vulnerabilities in the wild. Given the severity and the public exploit, organizations are strongly advised to patch as soon as possible. If you require assistance or believe you may be affected, please contact csirt@frsecure.com

Links:

https://www.rapid7.com/blog/post/2024/06/25/etr-authentication-bypasses-in-moveit-transfer-and-moveit-gateway

https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806

https://www.helpnetsecurity.com/2024/06/25/cve-2024-5805-cve-2024-5806/
