
Disclosure of additional MOVEit CVEs surfacing a year after the 2023 debacle

Neither the software company nor researchers have yet detected active exploitation, though attempts are under way. Recent attacks on MOVEit, however, have raised alarm and reinforced those concerns.

Unveiling additional MOVEit vulnerabilities, a year after the 2023 incident

Progress Software has disclosed a pair of high-severity authentication bypass vulnerabilities in its MOVEit file-transfer service. The vulnerabilities, tracked as CVE-2024-5805 and CVE-2024-5806, were revealed on June 27, 2024, and both carry a CVSS score of 9.1.

CVE-2024-5806, in particular, was being actively exploited in the wild shortly after disclosure. While the exact steps to exploit this vulnerability are not publicly detailed, it is known to affect MOVEit Transfer, and it represents a significant risk because the service is widely deployed across enterprises.

Implications of CVE-2024-5806

Exploitation of CVE-2024-5806 could allow attackers to access or exfiltrate sensitive files, execute unauthorized commands or code, and disrupt file-transfer workflows or cause data breaches. Patching MOVEit Transfer is urgent because of the active exploitation and an observed surge in attack scans targeting the software.

Unpatched MOVEit versions remain vulnerable, so immediate application of all relevant patches is critical. Organizations are strongly advised to update and patch MOVEit Transfer fully, covering all 2023 and 2024 updates.

Background

On the same day as the vulnerability disclosure, Progress Software reported earnings for its fiscal second quarter. Despite the security incident, customers have continued to express satisfaction with Progress's handling of the situation.

Interestingly, more than 4 in 5 victim organizations had no direct relationship with Progress, yet were impacted due to third-party vendors who did. This highlights the importance of a comprehensive security approach in the supply chain.

Response and Mitigation

Progress Software issued advisories and provided patches for the vulnerabilities on June 11, 2024. The company, together with researchers, is urging MOVEit customers to upgrade to the patched product versions on an emergency basis.

For those seeking more detail on the exploitation steps, watchTowr Labs has published an exhaustive blog post on the subject. However, it is essential to note that such information should be handled responsibly and only used for the purpose of securing systems.

Brett Callow, a threat analyst at Emsisoft, stated that while this is a serious vulnerability, the limited circumstances in which it seems it can be exploited would appear to make it somewhat less serious than the vulnerability exploited by the Clop ransomware group last year, which compromised more than 2,700 organizations and exposed more than 93 million personal records held in MOVEit environments by the end of 2023.

In conclusion, while the steps to exploit CVE-2024-5806 are complicated, the risk it poses is significant given the active exploitation in the wild. Organizations are urged to prioritize patching their MOVEit Transfer services to minimize the potential for a security breach.

  1. Active exploitation of CVE-2024-5806, a high-severity vulnerability in Progress Software's MOVEit file-transfer service, could lead to access to or exfiltration of sensitive files, unauthorized command or code execution, and disruption of file-transfer workflows or data breaches.
  2. Given the surge in attack scans targeting MOVEit Transfer and its active exploitation, organizations are advised to update and patch the software promptly, covering all 2023 and 2024 updates, to minimize the risk of a security breach.
  3. The threat posed by CVE-2024-5806, though complicated to exploit, is significant, and it underlines the importance of cybersecurity, especially for data and cloud-computing environments.
