An improper authentication vulnerability can lead to privilege escalation

Threat ID:CC-4533

Threat Severity:Medium

Published:1 August 2024 2:05 PM

Summary

Affected platforms

The following platforms are known to be affected:

Progress (formerly Ipswitch) MOVEit Transfer

2023.0.0 to 2023.0.12

2023.1.0 to 2023.1.7

2024.0.0 to 2024.0.3

Threat details

Progress have stated the following regarding MOVEit Cloud

“Note that MOVEit Cloud has already been upgraded to the patched version, so no further action is needed by MOVEit Cloud customers.”

Introduction

Progress (formerly Ipswitch) has released a security update for a vulnerability in the SFTP module of the MOVEit Transfer application. MOVEit is a managed secure file transfer tool.

CVE-2024-6576 has a CVSSv3 score of 7.3 and can lead to privilege escalation in MOVEit Transfer.

Remediation advice

Affected organisations are encouraged to review the Progress Community MOVEit Transfer Critical Security Alert Bulletin July 2024 - CVE-2024-6576 (applies to MOVEit Transfer) and apply updates as soon as practicable.

Definitive source of threat updates

https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-July-2024-CVE-2024-6576

CVE Vulnerabilities

StatusPublished

CVE-2024-6576Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3.

Last edited: 1 August 2024 2:05 pm