Progress has fixed a new flaw in MOVEit File Transfer that allows privilege escalation

Progress, the vendor of MOVEit Transfer, has released a critical security alert for a newly identified vulnerability in the product. The flaw, tracked as CVE-2024-6576, is rated high severity with a CVSS score of 7.3.

The vulnerability sits in the SFTP module of MOVEit Transfer and stems from faulty authentication that could allow an attacker to escalate privileges. Several versions of MOVEit Transfer are affected, including versions ranging from 2023.0.0 to 2023.1.7 and 2024.0.0 to 2024.0.3.

To address this security risk, Progress strongly advises all affected customers to upgrade to the latest patched versions of the software. The company has provided a table outlining the fixed versions available for download, including MOVEit Transfer 2024.0.3, 2023.1.7, and 2023.0.12, each accompanied by installation guides and release notes.

To upgrade, customers log in to the Progress Community’s Download Center with their Progress ID credentials, select the appropriate asset from the “My Active” tab list, click the download link under the “Related Products & Downloads” section, and download the fixed version specified in the table. Customers who run into issues or have questions are encouraged to open a new Technical Support case through the Progress Community platform. Customers without a current maintenance agreement are advised to contact the Progress Renewals team or their designated Progress partner account representative.

The only way to address this vulnerability is to upgrade to a patched release using the full installer, which may cause a temporary system outage during the upgrade. Customers using the Cloud service need not take any action, as the cloud service has already been updated to the patched version.

In conclusion, the timely and thorough response of Progress to this security vulnerability underscores the company’s commitment to ensuring the safety and integrity of its products. By promptly addressing and remedying such critical issues, Progress demonstrates its dedication to maintaining the trust and security of its customers.
