A critical security flaw has been discovered in Progress Software's MOVEit Transfer software, allowing cyber attackers to bypass its authentication mechanisms. The vulnerability was being exploited in the wild shortly after it was disclosed.
MOVEit Transfer, a file sharing and collaboration application used by large enterprises, was previously targeted in a series of ransomware attacks that impacted numerous organizations, including British Airways, Siemens, and UCLA. The mass exploitation of this software significantly influenced the findings of the recent Data Breach Investigations Report by Verizon.
The newly identified bug, known as CVE-2024-5806, is an authentication vulnerability in MOVEit’s SFTP module. Progress Software has issued a security advisory with patching information for affected versions of the software.
System administrators are urged to apply the patch promptly to prevent cybercriminals from exploiting the vulnerability. Given the history of attacks on MOVEit Transfer, the potential access to sensitive files held by Fortune 1000 companies also poses a significant risk from espionage-driven advanced persistent threats (APTs).
According to the nonprofit Shadowserver Foundation, exploit attempts targeting CVE-2024-5806 were observed shortly after the vulnerability details were disclosed. It was reported that there are approximately 1,800 exposed instances of the software online, although not all are vulnerable.
Researchers at watchTowr have identified two possible attack scenarios related to the vulnerability, describing one as a “forced authentication” method using a malicious SMB server. In a more severe scenario, threat actors could impersonate any user on the system, potentially gaining unauthorized access to sensitive data.