Note: This Emerging Threat is also published in the new Fortra Security & Trust Center - the new location for all Emerging Threats beginning in January 2025. Refer to Emerging Threats Moving to Fortra.com for more information on following Emerging Threats in their new location.
Fortra is actively researching an improper authentication vulnerability in MOVEit Transfer – CVE-2024-5806. This vulnerability in the SFTP Module of Progress MOVEit Transfer can lead to authentication bypass. Customers can upgrade to a patched release to mitigate this vulnerability.
Who is affected?
This vulnerability impacts the following versions of MOVEit Transfer.
- MOVEit Transfer 2023.0.0 before 2023.0.11
- MOVEit Transfer 2023.1.1 before 2023.1.6
- MOVEit Transfer 2024.0.0 before 2024.0
What can I do?
Progress has addressed the vulnerability and recommends upgrading to one of the following latest versions.
- MOVEit Transfer 2023.0.11
- MOVEit Transfer 2023.1.6
- MOVEit Transfer 2024.0.2
For more information about this vulnerability and upgrade details, refer to the Progress security advisory.
How is Alert Logic helping me?
Fortra is actively researching this threat to build detection capabilities in addition to those listed below.
Vulnerability Scanning: Alert Logic released agent-based scan coverage on June 29, 2024, and authenticated scan coverage on June 6, 2024, to check for vulnerable hosts. If the vulnerability is found, an exposure (EID: 267763) will be raised for CVE-2024-24919.
Network IDS: Alert Logic released IDS signatures to detect public key injection attempts via HTTP.
Log Management: Alert Logic has deployed and is actively monitoring log telemetry related to known IOCs.
Updates
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available. To follow updates for this vulnerability, click FOLLOW at the top of this article. You must be signed in to the Support Center using your Alert Logic product credentials to follow this article.
06/26/2024: Alert Logic released log telemetry related to known IOCs.
06/29/2024: Alert Logic released agent-based scan coverage to check for vulnerable hosts.
07/01/2024: Alert Logic released authenticated scan coverage to check for vulnerable hosts.
07/05/2024: Alert Logic released IDS signatures to detect public key injection attempts via HTTP.