Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-5806: Improper Authentication in MOVEit Transfer

Severity: 9.8 CRITICAL (NVD); CNA 9.1; VulnCheck 9.1
EPSS: 89.9% (top 0.42%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jun 25
Latest update: Jun 26

Description

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: progress/moveit_transfer, from 2023.0.0 before 2023.0.11 (+2)
NVD: progress/moveit_transfer, from 2023.0.0 before 2023.0.11 (+2)

🔴 Vulnerability Details (3)

CVEList: MOVEit Transfer Authentication Bypass Vulnerability (2024-06-25)
GHSA: GHSA-38m7-95rg-7m84: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass in limited scenarios (2024-06-25)
VulnCheck: Progress MOVEit Transfer SFTP Module Authentication Bypass (2024)

💥 Exploits & PoCs (1)

Metasploit: Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read

🔍 Detection Rules (2)

Suricata: ET EXPLOIT MoveIT Transfer SFTP Authentication Bypass Attempt Inbound M0 (CVE-2024-5806) (2024-06-26)
Suricata: ET EXPLOIT MoveIT Transfer SFTP Authentication Bypass Attempt Inbound M1 (CVE-2024-5806) (2024-06-26)
CVE-2024-5806 — Improper Authentication | cvebase