CVE-2024-5806

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions 2023.0.0 through 2023.0.10 MOVEit Transfer versions 2023.1.0 through 2023.1.5 MOVEit Transfer versions 2024.0.0 through 2024.0.1

Description The issue is related to an Improper Authentication vulnerability in the SFTP module of Progress MOVEit Transfer, which can lead to Authentication Bypass. This allows a remote attacker to potentially bypass authentication and gain unauthorized access. The vulnerability is being actively exploited. To mitigate risks, it is advised to block public inbound RDP and limit outbound access.

Recommendations For MOVEit Transfer versions 2023.0.0 through 2023.0.10, update to version 2023.0.11 or later. For MOVEit Transfer versions 2023.1.0 through 2023.1.5, update to version 2023.1.6 or later. For MOVEit Transfer versions 2024.0.0 through 2024.0.1, update to version 2024.0.2 or later. As a temporary workaround, consider blocking public inbound RDP and limiting outbound access to minimize the risk of exploitation.