New MOVEit transfer vulnerabilities that require patching (2024) – CyberTalk

EXECUTIVE SUMMARY:

Remember last year’s MOVEit meltdown? Get ready for a reprise…

For anyone who missed last year’s madness, MOVEit Transfer is a popular managed file transfer product sold by Progress Software, which provides business applications and services to more than 100,000 organizations globally.

In 2023, the software code for the MOVEit Transfer product was found to contain multiple vulnerabilities, leading to a rash of ransomware attacks, and data exposure for thousands of organizations.

The level of business exploitation was so severe that it impacted the results of this year’s “Data Breach Investigations Report” (DBIR) from Verizon.

Earlier this month, Progress Software contacted users about two high-severity vulnerabilities, CVE-2024-5805 and CVE-2024-5806. Both are categorized as authentication bypass-style vulnerabilities. Each one has been assigned a 9.1 severity score.

To allow adequate time for patching, the information was under embargo until June 25th. This appears to have been a wise move, as just hours after being made public, at least one vulnerability is seeing active exploit attempts in the wild.

The Shadowserver Foundation has detected exploitation efforts that hone in on honeypot systems, in particular.

The new bugs

“To be clear, these vulnerabilities are not related to the zero-day MOVEit Transfer vulnerability we reported in May 2023,” said a Progress Software spokesperson.

CVE-2024-5806 is an improper authentication vulnerability in MOVEit’s SFTP module, which can potentially lead to authentication bypass in some instances.

Cyber security researchers have noted that this CVE could be weaponized to “impersonate any user on the server.”

CVE-2024-5805 is another SFTP-associated authentication bypass vulnerability, which affects MOVEit Gateway version 2024.0.0.

Action items

As a cyber security leader, have your team check on whether or not your MOVEit Transfer software is up-to-date. Patches are available for all vulnerabilities.

Communicate to your team that these vulnerabilities are a priority, as they have serious business implications. If patching hasn’t yet been completed, emphasize the importance of patching quickly. After patching, confirm successful implementation.

Additional considerations

Reassess your organization’s vulnerability to ransomware attacks. Take a layered approach to cyber security and consider additional cyber security measures. You might want to invest in proactive processes like vulnerability assessments and red teaming. In addition, review and update your incident response plan, as to address potential MOVEit Transfer exploitation attempts.

Further information

As compared to the MOVEit Transfer exposure numbers from last year, experts say that the numbers appear similar – the geographies and networks where MOVEit Transfer is observed also mirror those of the 2023 incident.

See CyberTalk.org’s past MOVEit Transfer coverage here. Get more insights into software supply chain vulnerabilities here.

Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.