Two critical vulnerabilities have been identified in MOVEit software components: CVE-2024-5805 in MOVEit Gateway and CVE-2024-5806 in MOVEit Transfer. Both vulnerabilities concern improper authentication mechanisms within the SFTP modules, potentially allowing unauthorized access.
CVE-2024-5805 affects MOVEit Gateway version v2024.0.0, with a patch available in v2024.0.1. CVE-2024-5806 impacts several versions of MOVEit Transfer, ranging from v2023.0.0 to v2024.0.2. The latter vulnerability also extends to MOVEit Cloud environments, which have been addressed with patches.
Progress Software has issued advisories urging users to upgrade immediately to the patched releases to mitigate these security risks. The upgrade process will require a brief system downtime. No other mitigation is known at this time.
Detailed investigations and a proof-of-concept exploit for CVE-2024-5806 have been published by WatchTowr Labs. Given the serious nature of these vulnerabilities, users are strongly advised to update their systems as soon as possible to prevent potential security breaches. There are reports of threat actors attempting to exploit these vulnerabilities in the wild. If you require assistance or believe you may be affected, please contact csirt@frsecure.com
Links:
https://www.helpnetsecurity.com/2024/06/25/cve-2024-5805-cve-2024-5806/