Active Exploitation of Critical Vulnerability in MOVEit Transfer

Published on 29 Jun 2024

Progress Software has released security updates to address a critical vulnerability (CVE-2024-5806) in MOVEit Transfer. The vulnerability has a CVSSv3.1 score of 9.1 out of 10 and is reportedly being actively exploited.

Successful exploitation of this improper authentication vulnerability in MOVEit Transfer's SSH File Transfer Protocol (SFTP) module could allow an attacker to bypass authentication and gain unauthorised access to an affected system.

This vulnerability affects MOVEit Transfer versions from 2023.0.0 to before 2023.0.11, from 2023.1.0 to before 2023.1.6, and from 2024.0.0 to before 2024.0.2.

Users and administrators of affected product versions are advised to update to the latest version immediately.
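
To triage an inventory against the affected ranges listed above, the following added example (not part of the original advisory and not vendor tooling) compares version strings numerically per release train. The host names and installed versions in the sample inventory are constructed, and the "unlisted" status is this example's own label for versions the advisory does not mention.

```python
"""Classify MOVEit Transfer versions against the ranges in this advisory."""
import re

# Affected ranges from the advisory: (first affected, first fixed) per train.
AFFECTED = [
    ((2023, 0, 0), (2023, 0, 11)),
    ((2023, 1, 0), (2023, 1, 6)),
    ((2024, 0, 0), (2024, 0, 2)),
]


def parse_version(text):
    """Return (year, minor, patch) from 'YYYY.M.P[.build]', or None."""
    m = re.fullmatch(r"\s*v?(\d{4})\.(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(text):
    """Return 'affected', 'fixed', or 'unlisted'.

    'unlisted' means unparseable or outside the advisory's ranges; it calls
    for manual review and is not evidence that the host is safe.
    """
    ver = parse_version(text)
    if ver is None:
        return "unlisted"
    for first_affected, first_fixed in AFFECTED:
        # Integer tuples compare numerically, so 2023.0.9 < 2023.0.11.
        if first_affected <= ver < first_fixed:
            return "affected"
        # Same release train (year, minor) at or above the fixed version.
        if ver[:2] == first_fixed[:2] and ver >= first_fixed:
            return "fixed"
    return "unlisted"


def triage(inventory):
    """Return the sorted host names whose version is affected."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


# Constructed sample inventory (illustrative hosts and versions).
SAMPLE_INVENTORY = {
    "sftp-01": "2023.0.10", "sftp-02": "2023.0.11", "sftp-03": "2023.1.5",
    "sftp-04": "2024.0.2", "sftp-05": "2024.0.1.7", "sftp-06": "2022.1.3",
}

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        print(f"{host}\t{version}\t{classify(version)}")
```
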

More information is available here: