Progress MOVEit Transfer Authentication Bypass [CVE-2024-5806] – June 28, 2024 Ingrid The SFTP module of the MOVEit Transfer managed file transfer solution has a flaw in the SSH authentication process that can lead to it being bypassed altogether[1]. This critical severity authentication bypass vulnerability comes on the heels of previous vulnerabilities in the MOVEit Transfer software, and a little more than a year after a major security incident[2] involving the software. Current Bitsight data indicates that 2,800 IP addresses across 1,400 organizations are running MOVEit Transfer software. See the resource center. Status Since we have detection capabilities for multiple prior MOVEit Transfer vulnerabilities, there is a high likelihood we’ll be able to develop a detection technique for this vulnerability. Previous vulnerabilities: CVE-2023-34362 CVE-2023-35036 CVE-2023-35708 CVE-2023-36934 CVE-2023-36933 CVE-2023-36932 Timeline: June 28 – Detection capability testing. June 27 – Reviewed information about the vulnerability and assessing detection capability. References Progress Software Corporation, “MOVEit Transfer Critical Security Alert Bulletin – June 2024 – (CVE-2024-5806)” WIRED Media Group, “Mass exploitation of critical MOVEit flaw is ransacking orgs big and small” Related articles How To Create a Scalable and Sustainable Third Party Risk Management Program CrowdStrike Update Causes Outage – July 19, 2024 Progress MOVEit Transfer Authentication Bypass [CVE-2024-5806] ArcaneDoor Vulnerabilities [CVE-2024-20353, CVE-2024-20359] – May 01, 2024 2024 Ratings Algorithm Update Feedback 0 comments Please sign in to leave a comment.