mickmick.net

MOVEit Products Security Restriction Bypass Vulnerabilities

Release Date: 27 Jun 2024

RISK: Medium Risk

TYPE: Clients - Productivity Products

Multiple vulnerabilities were identified in MOVEit Products. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass on the targeted system.

 

Note:

Proof of concept exploit for CVE-2024-5806 exists on the internet.

To exploit the vulnerability, attackers must have knowledge of a valid users on the vulnerable system. Hence, the risk level is rated to Medium Risk.

---

Impact

• Security Restriction Bypass

---

System / Technologies affected

• MOVEit Gateway 2024.0.0
• MOVEit Transfer from 2023.0.0 before 2023.0.11
• MOVEit Transfer from 2023.1.0 before 2023.1.6
• MOVEit Transfer from 2024.0.0 before 2024.0.2

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version MOVEit Gateway 2024.0.1
• Update to version MOVEit Transfer 2023.0.11
• Update to version MOVEit Transfer 2023.1.6
• Update to version MOVEit Transfer 2024.0.2

 

---

Vulnerability Identifier

• CVE-2024-5805
• CVE-2024-5806

---

Source

• Progress Community

---

Related Link

• https://community.progress.com/s/article/MOVEit-Gateway-Critical-Security-Alert-Bulletin-June-2024-CVE-2024-5805
• https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806