Progress Software’s MoveIt Transfer product is once again facing a security alert due to a new vulnerability being actively exploited, following an apparent leak of flaw details. The company disclosed two critical improper authentication vulnerabilities on Tuesday: CVE-2024-5806 affecting MoveIt Transfer and CVE-2024-5805 in MoveItGateway. This news comes as a stark reminder of the potential risks associated with unpatched vulnerabilities, especially considering the previous Clop ransomware attacks on MoveIt Transfer customers in 2023.
The Shadowserver Foundation, a non-profit cybersecurity organization, has reported increasing exploitation attempts against CVE-2024-5806 since its public disclosure. This trend of rapid exploitation following vulnerability disclosure has become a significant concern within the cybersecurity industry. Progress Software released patches for both vulnerabilities on June 11, urging users to upgrade to the latest MoveIt versions. However, the company highlighted that upgrading to the patched release may cause system downtime, as it requires using the full installer.
In addition to the disclosed vulnerabilities, Progress Software also warned users about a new risk associated with an unspecified third-party component used in MoveIt Transfer. The company emphasized that leaving this risk unpatched could escalate the severity of the original vulnerability. Despite releasing fixes for these flaws, the third-party risk remains unaddressed by Progress Software’s patch.
Prior to the public disclosure of CVE-2024-5806, cybersecurity vendor WatchTowr Labs revealed that an anonymous source had previously disclosed details of the vulnerability in an internet relay chat. According to WatchTowr, the source warned about the potential involvement of advanced persistent threat groups and ransomware gangs exploiting the flaw. WatchTowr researchers identified two separate vulnerabilities within Progress MoveIt and a third-party library for IPWorks SSH server, highlighting the complexity of this issue.
WatchTowr commended Progress Software for taking the vulnerability seriously and conducting a thorough investigation into its root cause. The cybersecurity community praised the company’s proactive disclosure process with customers and its efforts to ensure that patches were deployed promptly. Ryan Emmons, lead security researcher at Rapid7, also addressed the vulnerabilities in a blog post, warning about the risks associated with exploitation and emphasizing the need for organizations to apply patches urgently.
As of Wednesday, there have been no confirmed reports of exploitation related to these vulnerabilities. However, third-party sources have reported attempts against cloud honeypots, indicating potential exploit activity. Rapid7 continues to monitor the situation closely and will provide updates if exploitation is verified with high confidence.
In conclusion, the recent security alerts surrounding Progress Software’s MoveIt Transfer product highlight the importance of timely patching and proactive vulnerability management. As cyber threats evolve and attackers become increasingly sophisticated, organizations must remain vigilant in securing their systems and protecting sensitive data. The collaboration between security vendors, researchers, and organizations is crucial in addressing and mitigating cybersecurity risks effectively.