A new vulnerability in the managed file transfer solution MOVEit Transfer (MFT), which allows threat actors to bypass authentication and tamper with other people’s files as they see fit.
The company disclosed finding the vulnerability earlier this week, but has also revealed a patch is available now, with users advised to apply it immediately and secure their networks.
The vulnerability, described as an improper authentication flaw, is tracked as CVE-2024-5806, and is currently awaiting a severity score. It allows people to work past the authentication process in the Secure File Transfer Protocol (SFTP) module, responsible for transferring files over SSH. Threat actors abusing this flaw are allowed to access data stored on the MFT server, upload, download, delete, or modify files, as well as intercept and tamper with incoming/outgoing file transfers.
Vulnerable instances
Cyber-intelligence platform Censys scanned the internet for exposed MFT instances and found roughly 2,700 of them, mostly located in the US, UK, Germany, Canada, and the Netherlands. However, it is impossible to tell how many of these applied the patch, or how many are vulnerable at this time.
Yet we do know that malicious actors are already on the move. Shadowserver Foundation said it observed multiple threat actors trying to exploit the flaw. It is only logical, given that cybersecurity experts from watchTowr published a proof-of-concept, detailing how an attack might be pulled off.
The vulnerability affects these versions:
2023.0.0 before 2023.0.11
2023.1.0 before 2023.1.6
2024.0.0 before 2024.0.2
Users should patch to versions 2023.0.11, 2023.1.6, and 2024.0.2, all available on the Progress Community portal.
Last year, MFT was at the center of a major security fiasco, after a flaw in the system allowed the Cl0p ransomware group to steal sensitive data from thousands of organizations worldwide.
Via BleepingComputer
More from TechRadar Pro
https://cdn.mos.cms.futurecdn.net/YbizeHRMkF5QLe6eeYypqc-1200-80.jpg
Source link
