CVE-2024-5806: 
MOVEit Transfer vulnerability analysis and mitigation

CVE-2024-5806 is an Improper Authentication vulnerability discovered in Progress MOVEit Transfer's SFTP module that can lead to Authentication Bypass. The vulnerability affects MOVEit Transfer versions from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, and from 2024.0.0 before 2024.0.2. The vulnerability was disclosed on June 25, 2024 (NVD, Progress Advisory).

The vulnerability exists in the authentication mechanism of MOVEit Transfer's SFTP module, specifically in how it handles public key authentication. The issue involves a third-party vulnerability in the IPWorks SSH library utilized by MOVEit. The vulnerability has received a CVSS v3.1 base score of 9.8 (Critical) from NVD and 9.1 (Critical) from Progress Software Corporation (NVD, Watchtowr Labs).

The vulnerability allows attackers to bypass authentication mechanisms and potentially impersonate any user on the system. This could lead to unauthorized access to sensitive data and systems. The impact is particularly concerning given that MOVEit Transfer is widely used in enterprise environments for secure file transfer operations (Arctic Wolf).

Progress has released patches to address the vulnerability. Organizations should upgrade to MOVEit Transfer versions 2023.0.11, 2023.1.6, or 2024.0.2 depending on their current version. Additional mitigations include blocking public inbound RDP access to MOVEit Transfer servers and limiting outbound access to only known trusted endpoints. MOVEit Cloud customers have already been patched (Progress Advisory).