
Security Alert: Critical MOVEit Vulnerabilities Exposed

Threat Intelligence • June 28, 2024

Background

Recently, significant vulnerabilities have been discovered in the MOVEit Transfer and MOVEit Gateway products, posing serious risks to data security. These vulnerabilities, tracked as CVE-2024-5805 and CVE-2024-5806, could allow unauthorized access and lead to data breaches.


This discovery follows the major breach in May 2023, where MOVEit became the target of the Cl0p ransomware group, compromising the data of millions and exposing significant security gaps.


This blog post, prepared with insights from our Principal Security Consultants, provides essential details and guidance to protect your systems from these threats.


Details of the Vulnerabilities

CVE-2024-5805 (MOVEit Gateway):

  • Type: Authentication bypass
  • Affected Version: 2024.0.0
  • Severity Score: 9.1 (Critical)
  • Impact: Allows unauthorized access through an authentication bypass mechanism.
  • Action: Immediate patching is required.

CVE-2024-5806 (MOVEit Transfer):

  • Type: Forced authentication and SFTP user impersonation
  • Affected Versions:
      • From 2023.0.0 before 2023.0.11
      • From 2023.1.0 before 2023.1.6
      • From 2024.0.0 before 2024.0.2
  • Severity Score: 9.1 (Critical)
  • Impact: Enables attackers to force authentication and impersonate SFTP users, leading to unauthorized data access, manipulation, and potential full system compromise.
  • Action: Immediate patching is required.
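As an added example (not code from Progress Software, CIS, or the original post), the following Python script checks an asset inventory against the affected version ranges listed above. The CSV layout, hostnames and inventory values are constructed for the example; a version at or above the "before" value of a range is treated as patched, and anything outside the listed ranges is simply reported as not matching.

```python
import csv
import io
import re

# Affected ranges as stated in the advisory: [start inclusive, first fixed exclusive).
# CVE-2024-5805 lists only Gateway 2024.0.0, so its range covers exactly that version.
AFFECTED = {
    "CVE-2024-5805": ("MOVEit Gateway", [((2024, 0, 0), (2024, 0, 1))]),
    "CVE-2024-5806": ("MOVEit Transfer", [((2023, 0, 0), (2023, 0, 11)),
                                          ((2023, 1, 0), (2023, 1, 6)),
                                          ((2024, 0, 0), (2024, 0, 2))]),
}

# Constructed sample inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = """\
host,product,version
mft-prod-01,MOVEit Transfer,2023.0.10
mft-prod-02,MOVEit Transfer,2023.1.6
mft-dr-01,MOVEit Transfer,2024.0.1
gw-dmz-01,MOVEit Gateway,2024.0.0
"""

def parse_version(text):
    """Turn 'YYYY.minor.patch' into a comparable int tuple, padding missing parts with 0."""
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised MOVEit version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def matching_cves(product, version):
    """Return the CVE ids whose published affected range covers this product/version."""
    v = parse_version(version)
    hits = []
    for cve, (cve_product, ranges) in AFFECTED.items():
        if cve_product == product and any(lo <= v < hi for lo, hi in ranges):
            hits.append(cve)
    return hits

def scan_inventory(csv_text):
    """Map each host in a CSV inventory (host,product,version) to its matching CVEs."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        cves = matching_cves(row["product"], row["version"])
        if cves:
            findings[row["host"]] = cves
    return findings

if __name__ == "__main__":
    for host, cves in scan_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: patch required ({', '.join(cves)})")
```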


Immediate Action Required

Given the critical nature of these vulnerabilities, immediate action is essential to mitigate potential risks. Users are strongly advised to update their MOVEit software to the latest patched versions provided by Progress Software.

Mitigation Steps

In response to the MOVEit vulnerabilities, users are strongly advised to take immediate action to mitigate associated risks. The Center for Internet Security (CIS) recommends the following steps:


  • Apply Updates:
      • Promptly install patches provided by Progress Software after conducting necessary tests.
      • Maintain a documented vulnerability management process and update it regularly, especially after significant changes.
      • Use automated tools to manage application updates frequently, preferably monthly or more often.
      • Conduct regular automated scans of externally exposed assets using SCAP-compliant tools to identify vulnerabilities.
      • Address detected vulnerabilities swiftly, using automated tools and processes, on a monthly or more frequent basis.

  • Implement Least Privilege Principle:
      • Ensure that all software runs with the minimum necessary privileges to reduce the potential impact of an attack.
      • Manage and secure default accounts on all enterprise assets and software.
      • Limit administrative privileges to specific accounts designated for administrative tasks, and use non-privileged accounts for everyday activities like browsing and email.

  • Restrict Access:
      • Limit access to file shares, remote systems, and unnecessary services. Use network concentrators, RDP gateways, and similar mechanisms to enforce these restrictions.

  • Deploy Network Intrusion Prevention:
      • Use intrusion detection signatures to block suspicious traffic at network boundaries.
      • Implement a Network Intrusion Detection System (NIDS) or equivalent cloud service to monitor and detect intrusions.
      • Deploy a Network Intrusion Prevention System (NIPS) or equivalent cloud service to prevent potential intrusions.

  • Enhance Exploit Protection:
      • Use tools to detect and block potential exploit conditions.
      • Implement application layer filtering through proxies, application layer firewalls, or gateways to monitor and control application traffic.

For the full advisory and detailed recommendations, please refer to the Center for Internet Security (CIS) guidelines here.

Explore the entire Evolve suite of products here, designed to give your enterprise complete protection from evolving threats.
