CVE-2024-5806: Progress MOVEit Transfer Authentication Bypass Vulnerability | allinfosecnews.com

June 25, 2024, 8:17 p.m. | Scott Caveza

Cyber Exposure Alerts www.tenable.com

Progress Software has patched a high severity authentication bypass in the MOVEit managed file transfer (MFT) solution. As MOVEit has been a popular target for ransomware gangs and other threat actors, we strongly recommend prioritizing patching of this vulnerability.

Background

On June 25, Progress published an advisory for a vulnerability in MOVEit Transfer, a secure managed file transfer (MFT) solution:

CVEDescriptionCVSSv3CVE-2024-5806MOVEit Transfer Authentication Bypass Vulnerability7.4

Analysis

CVE-2024-5806 is an authentication bypass vulnerability affecting the SSH File Transfer …

advisory authentication authentication bypass bypass bypass vulnerability cve cve-2024 file file transfer gangs high june managed managed file transfer mft moveit moveit transfer patching popular progress progress software ransomware ransomware gangs severity software solution target threat threat actors transfer vulnerability

More from www.tenable.com / Cyber Exposure Alerts

CVE-2024-5806: Progress MOVEit Transfer Authentication Bypass Vulnerability 3 days, 16 hours ago | www.tenable.com

advisory authentication authentication bypass bypass +27

CVE-2024-28995: SolarWinds Serv-U Path/Directory Traversal Vulnerability Exploited in the Wild 1 week ago | www.tenable.com

advisory automated concept cve +33

Microsoft’s June 2024 Patch Tuesday Addresses 49 CVEs 2 weeks, 3 days ago | www.tenable.com

CVE-2024-4577: Proof of Concept Available for PHP-CGI Argument Injection Vulnerability 3 weeks ago | www.tenable.com

Rockwell Automation: Disconnect OT Devices with Public-Facing Internet Access, Patch or Mitigate Logix, FactoryTalk CVEs 3 weeks, 2 days ago | www.tenable.com

access advisory automation best practices +22

CVE-2024-4358, CVE-2024-1800: Exploit Code Available for Critical Exploit Chain in Progress Telerik Report Server 3 weeks, 4 days ago | www.tenable.com

These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action … 3 weeks, 4 days ago | www.tenable.com

abusing action attention azure +16

CVE-2024-24919: Check Point Security Gateway Information Disclosure Zero-Day Exploited in the Wild 4 weeks, 2 days ago | www.tenable.com

Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040) 1 month, 2 weeks ago | www.tenable.com

addresses critical critical vulnerability cve +15

Watch Officer and Operations Officer

@ Interclypse | Arlington, VA, US

View on infosec-jobs.com

Sales Development Representative

@ Devo | United States

View on infosec-jobs.com

Principal Software Engineer

@ Oracle | Seattle, WA, United States

View on infosec-jobs.com

Engineering Manager, Cloud - TDIR (Remote)

@ CrowdStrike | USA CA Remote

View on infosec-jobs.com

Linux System Administrator II

@ Peraton | Fort Meade, MD, United States

View on infosec-jobs.com

Linux System Administrator

@ Peraton | Fort Meade, MD, United States

View on infosec-jobs.com