CVE-2024-5806

critical

Description

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.

References

https://www.tenable.com/blog/cybersecurity-snapshot-memory-bugs-pervasive-in-open-source-sw-while-car-dealership-chaos

https://www.hivepro.com/threat-advisory/critical-vulnerabilities-patched-in-progress-softwares-moveit/

https://www.zdnet.com/article/a-new-moveit-vulnerability-is-igniting-hacking-attempts-companies-should-patch-asap/#ftag=RSSbaffb68

https://www.scmagazine.com/news/new-moveit-critical-bug-sees-swift-exploitation-attempts

https://www.techtarget.com/searchsecurity/news/366591974/MoveIt-Transfer-vulnerability-targeted-amid-disclosure-drama?&web_view=true

https://arstechnica.com/security/2024/06/critical-moveit-vulnerability-puts-huge-swaths-of-the-internet-at-severe-risk/

https://securityaffairs.com/164949/hacking/progress-moveit-transfer-flaw-actively-exploited.html

https://thecyberthrone.in/2024/06/26/moveit-transfer-critical-vulnerability-cve-2024-5806/

https://www.bleepingcomputer.com/news/security/hackers-target-new-moveit-transfer-critical-auth-bypass-bug/

https://www.theregister.com/2024/06/26/batten_down_the_hatches_its/

https://www.rapid7.com/blog/post/2024/06/25/etr-authentication-bypasses-in-moveit-transfer-and-moveit-gateway/?&web_view=true

https://www.tenable.com/blog/cve-2024-5806-progress-moveit-transfer-authentication-bypass-vulnerability

https://www.rapid7.com/blog/post/2024/06/25/etr-authentication-bypasses-in-moveit-transfer-and-moveit-gateway/

https://www.progress.com/moveit

https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806

Details

Source: Mitre, NVD

Published: 2024-06-25

Updated: 2024-06-26

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical