Two improper authentication vulnerabilities can lead to authentication bypass

Threat ID:CC-4516

Threat Severity:Medium

Published:26 June 2024 2:37 PM

Summary

Affected platforms

The following platforms are known to be affected:

Progress (formerly Ipswitch) MOVEit Transfer

2023.0.0 before 2023.0.11
2023.1.0 before 2023.1.6
2024.0.0 before 2024.0.2

Progress (formerly Ipswitch) MOVEit Gateway

2024.0.0 before 2024.0.1

Threat details

Progress have stated the following regarding MOVEit Cloud

"For customers on MOVEit Cloud, no further action is needed as the MOVEit Transfer patch has already been deployed to MOVEit Cloud. In addition, our MOVEit Cloud infrastructure is safeguarded against the recently disclosed third-party vulnerability through strict access controls on the underlying infrastructure.

MOVEit Cloud does not use MOVEit Gateway, so no further action is needed by MOVEit Cloud customers."

Introduction

Progress (formerly Ipswitch) has released a security update for two critical vulnerabilities found in the SFTP module of the MOVEit Transfer (CVE-2024-5806) and MOVEit Gateway (CVE-2024-5805) applications. MOVEit is a managed secure file transfer tool. The improper authentication vulnerability known as CVE-2024-5806 has a CVSSv3 score of 9.1 and can lead to authentication bypass in MOVEit Transfer. CVE-2024-3805 is also an improper authentication vulnerability with a CVSSv3 score of 9.1, which can lead to authentication bypass in MOVEit Gateway.

Exploitation of CVE-2024-5806 in the wild

Publicly available proof-of-concept code is available for CVE-2024-5806 and exploitation attempts have been reported in the wild.

In May 2023 Progress issued fixes for a critical vulnerability in their Managed File Transfer (MFT) software, MOVEit Transfer. Internet-facing MOVEit Transfer servers were targeted by multiple threat groups - including the cybercriminal group associated with CL0P ransomware - in a mass-exploitation campaign affecting hundreds of victim organisations, resulting in major disruption and data loss.

Internet-facing file transfer applications have become a popular target for ransomware and data-extortion groups, and rapidly patching vulnerable software should be considered of critical importance.

NHS England National CSOC has assessed a high likelihood that exploitation of this vulnerability will increase.

Threat updates


27 Jun 2024	Added details of CVE-2024-5805 CVE-2024-5805 is an authentication bypass vulnerability in Progress MOVEit Gateway. Details of this vulnerability and remediation steps have been added to this cyber alert.

Remediation advice

Affected organisations are strongly encouraged to review the Progress Community MOVEit Transfer Critical Security Alert Bulletin June 2024 - CVE-2024-5806 (applies to MOVEit Transfer) and Progress Community MOVEit Gateway Critical Security Alert Bulletin June 2024 - CVE-2024-5805 (applies to MOVEit Gateway) and apply updates as soon as practicable.

Note: Progress also list in their advisory additional steps organisations can take to mitigate a vulnerability in a third-party component of MOVEit Transfer.

"A newly identified vulnerability in a third-party component used in MOVEit Transfer elevates the risk of the original issue mentioned above if left unpatched. While the patch distributed by Progress on June 11th successfully remediates the issue identified in CVE-2024-5806, this newly disclosed third-party vulnerability introduces new risk. Please work with your internal teams to take the following steps to mitigate the third-party vulnerability."

Affected organisations are also encouraged to apply additional mitigation steps addressing the third-party vulnerability as detailed in the Progress bulletin June 2024 - CVE-2024-5806.

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished

CVE-2024-5806Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.

StatusPublished

CVE-2024-5805Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0.

Last edited: 27 June 2024 1:19 pm