MOVEit Transfer: Improper Authentication (CVE-2024-5806)

CVE

This CVE is an Improper Authentication vulnerability in the SFTP module of Progress MOVEit Transfer. Published on June 25, 2024, this zero-day vulnerability allows attackers to bypass authentication and gain unauthorized access to the system. Affected versions are MOVEit Transfer from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, and from 2024.0.0 before 2024.0.2. All users of Progress MOVEit Transfer should be aware of this serious issue, because it enables unauthorized access to the system.

Remediation and exploitation details

This chain involves the following actors

The following systems are involved

Attack entry point

Remediation actions

Exploitation actions

CVE database technical details

CVE ID: CVE-2024-5806
Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
Provider: ProgressSoftware
CWE / problem types: CWE-287 Improper Authentication
Affected Software Versions (Progress MOVEit Transfer, version type semver):
- affected from 2023.0.0, less than 2023.0.11
- affected from 2023.1.0, less than 2023.1.6
- affected from 2024.0.0, less than 2024.0.2
Date Published: 2024-06-25T15:04:37.342Z
Last Updated: 2024-08-01T21:25:02.659Z