New MOVEit Auth Bypass Vulnerability Under Attack Now, Patch Immediately
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Progress Software’s popular MOVEit Transfer and MOVEit Cloud-managed, file transfer solutions, have been found to contain a critical authentication bypass vulnerability (CVE-2024-5806).
The vulnerability, which exists in the products’ SFTP module, can allow attackers to bypass authentication and gain unauthorized access to sensitive data.
Researchers at watchTowr first disclosed the vulnerability and published a detailed technical analysis.
They found that an attacker could trick the system into granting access without proper credentials by manipulating certain parameters during the SSH authentication process.
Exploit code for the vulnerability was released publicly mere hours after Progress Software issued a security bulletin acknowledging the flaw. This has led to a surge in attack attempts against vulnerable MOVEit installations.
Very shortly after vulnerability details were published today we started observing Progress MOVEit Transfer CVE-2024-5806 POST /guestaccess.aspx exploit attempts. If you run MOVEit & have not patched yet – please do so now: https://t.co/AenLgqg1wM
NVD: https://t.co/OHQRNFNE9p
— The Shadowserver Foundation (@Shadowserver) June 25, 2024
Last year, MOVEit Transfer was the target of a massive cyber attack campaign by the Cl0p ransomware group, which exploited a zero-day SQL injection vulnerability to breach dozens of organizations and steal sensitive data.
Given MOVEit’s popularity for transferring critical business information, security experts fear this new vulnerability could lead to similar wide-scale attacks.
Progress Software has released patches for MOVEit Transfer versions 2024.0.2, 2023.1.6, and 2023.0.11, as well as MOVEit Gateway versions 2024.0.1 and later.
The company “strongly recommends all MOVEit Transfer and MOVEit Cloud customers apply these patches immediately.”
Researchers at Rapid7 have confirmed they could reproduce the exploit and achieve an authentication bypass against vulnerable, unpatched versions of both MOVEit Transfer and MOVEit Gateway. They advise organizations to treat this vulnerability with high priority.
Security professionals are urging all organizations using MOVEit Transfer or MOVEit Cloud to patch their systems without delay.
Applying vendor-provided security updates is critical to close off this attack vector before threat actors can exploit it to gain a foothold. Delaying patching could expose sensitive data to unauthorized access and theft.
As more details of this vulnerability come to light, it’s clear that speed is of the essence when applying mitigations. Organizations should refer to Progress Software’s security bulletin for the latest patching instructions and guidance to protect their MOVEit deployments from this critical flaw.
#Cyber_Security_News #Vulnerability #cyber_security #vulnerability
Оригинальная версия на сайте:
New MOVEit Auth Bypass Vulnerability Under Attack Now, Patch Immediately
Author: Guru BaranProgress Software’s popular MOVEit Transfer and MOVEit Cloud-managed, file transfer solutions, have been found to contain a critical authentication bypass vulnerability (CVE-2024-5806).
The vulnerability, which exists in the products’ SFTP module, can allow attackers to bypass authentication and gain unauthorized access to sensitive data.
Researchers at watchTowr first disclosed the vulnerability and published a detailed technical analysis.
They found that an attacker could trick the system into granting access without proper credentials by manipulating certain parameters during the SSH authentication process.
Exploit code for the vulnerability was released publicly mere hours after Progress Software issued a security bulletin acknowledging the flaw. This has led to a surge in attack attempts against vulnerable MOVEit installations.
Very shortly after vulnerability details were published today we started observing Progress MOVEit Transfer CVE-2024-5806 POST /guestaccess.aspx exploit attempts. If you run MOVEit & have not patched yet – please do so now: https://t.co/AenLgqg1wM
NVD: https://t.co/OHQRNFNE9p
— The Shadowserver Foundation (@Shadowserver) June 25, 2024
Last year, MOVEit Transfer was the target of a massive cyber attack campaign by the Cl0p ransomware group, which exploited a zero-day SQL injection vulnerability to breach dozens of organizations and steal sensitive data.
Given MOVEit’s popularity for transferring critical business information, security experts fear this new vulnerability could lead to similar wide-scale attacks.
Progress Software has released patches for MOVEit Transfer versions 2024.0.2, 2023.1.6, and 2023.0.11, as well as MOVEit Gateway versions 2024.0.1 and later.
The company “strongly recommends all MOVEit Transfer and MOVEit Cloud customers apply these patches immediately.”
Researchers at Rapid7 have confirmed they could reproduce the exploit and achieve an authentication bypass against vulnerable, unpatched versions of both MOVEit Transfer and MOVEit Gateway. They advise organizations to treat this vulnerability with high priority.
Security professionals are urging all organizations using MOVEit Transfer or MOVEit Cloud to patch their systems without delay.
Applying vendor-provided security updates is critical to close off this attack vector before threat actors can exploit it to gain a foothold. Delaying patching could expose sensitive data to unauthorized access and theft.
As more details of this vulnerability come to light, it’s clear that speed is of the essence when applying mitigations. Organizations should refer to Progress Software’s security bulletin for the latest patching instructions and guidance to protect their MOVEit deployments from this critical flaw.
#Cyber_Security_News #Vulnerability #cyber_security #vulnerability
Оригинальная версия на сайте:
