Published: July 07, 2024 on our newsletter Security Fraud News & Alerts Newsletter.
We’re nowhere near done with the MOVEit file transfer program. Recently, two more issues were found, affecting a third-party component, and they are causing trouble. The new ones, CVE-2024-5805 and CVE-2024-5806, are two critical vulnerabilities affecting the popular software; if exploited, they can have severe consequences, including allowing an attacker to execute code remotely on affected systems.
Both CVE-2024-5805 and CVE-2024-5806 are authentication bypass flaws. The former impacts MOVEit Gateway 2024.0.0, and the latter resides in the SFTP module of Progress MOVEit Transfer.
While CVE-2024-5805 affects version 2024.0.0, CVE-2024-5806 affects the following versions of MOVEit Transfer:
From 2023.0.0 before 2023.0.11
From 2023.1.0 before 2023.1.6, and
From 2024.0.0 before 2024.0.2
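The version ranges above are easy to misread during an inventory sweep, so here is a small added check (not code from the newsletter or from Progress) that tests a MOVEit Transfer version string against the three CVE-2024-5806 ranges exactly as stated, with "before X" treated as an exclusive upper bound. It assumes versions are dotted triples such as 2023.1.5; the sample inventory at the bottom is constructed.

```python
# Added example: classify MOVEit Transfer version strings against the
# CVE-2024-5806 affected ranges quoted in the advisory text above.
# Assumption: versions are "major.minor.patch" with numeric parts only.
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected version, first fixed version) per affected branch.
# "From 2023.0.0 before 2023.0.11" means 2023.0.0 <= v < 2023.0.11.
CVE_2024_5806_RANGES = [
    ((2023, 0, 0), (2023, 0, 11)),
    ((2023, 1, 0), (2023, 1, 6)),
    ((2024, 0, 0), (2024, 0, 2)),
]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple of ints.

    Rejects anything that is not exactly three numeric parts so that a
    malformed inventory entry is never silently reported as unaffected.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def affected_by_cve_2024_5806(version: str) -> Optional[Version]:
    """Return the first fixed version if `version` falls in an affected
    range, otherwise None. None means "not in a listed range", which is
    not the same as a positive statement that the build is safe."""
    v = parse_version(version)
    for start, fixed in CVE_2024_5806_RANGES:
        if start <= v < fixed:
            return fixed
    return None


def triage(version: str) -> str:
    """One-line verdict suitable for an inventory report."""
    fixed = affected_by_cve_2024_5806(version)
    if fixed is None:
        return f"{version}: not in an affected range for CVE-2024-5806"
    return f"{version}: AFFECTED by CVE-2024-5806, upgrade to " + ".".join(map(str, fixed))


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for v in ["2023.0.10", "2023.0.11", "2023.1.5", "2024.0.1", "2024.0.2"]:
        print(triage(v))
```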
To mitigate the risks associated with these vulnerabilities, it is crucial to apply the latest security patches provided by the software vendor. One patch, released in mid-June, addressed some of the problems, but a newer one is needed for thorough protection.
In addition to ensuring this and all software is updated, implementing robust security measures such as firewalls, intrusion detection systems, and regular security audits can help prevent exploitation.
As for the users, they should also be cautious about opening unsolicited emails or clicking on unknown links, as these are common vectors for such attacks and remain the top way cyberattacks succeed. Watch for common phishing lures such as typos, misspelled words, fuzzy graphics, messages from unknown senders, and messages (text, email, or otherwise) with unexpected links and attachments.
For other mitigation methods, be sure to verify that public inbound RDP access to MOVEit Transfer server(s) is blocked and outbound access is limited to known trusted endpoints only from MOVEit Transfer server(s).
For more detailed information, refer to the official security advisories, which strongly advise “all MOVEit Transfer customers on versions 2023.0, 2023.1 and 2024.0 to upgrade to the latest patched version immediately and apply patches addressing the third-party product when they are available.” Visit the Progress Community website for updates.
More than 1,700 internet-facing instances of MOVEit Transfer have been observed, most of them in the U.S. That number is likely to increase.
Want to schedule a conversation? Please email us at advisor@nadicent.com