CVE-2024-5806

Published Jun 25, 2024

Last updated 5 months ago

Insights

Analysis from the Intruder Security Team
Published Oct 15, 2024

This vulnerability affects Progress MOVEit servers utilising SFTP and allows attackers to log in as any user whose username they can successfully guess. Depending on how MOVEit is configured, guessing a username could be a trivial step.

More information is available in our blog post here.

Overview

Description
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
Source
security@progress.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
CRITICAL

Weaknesses

security@progress.com
CWE-287
