Critical Auth Bypass Flaw Found in Progress MOVEit Automation

Progress Software has issued an urgent security advisory urging customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. The flaw, tracked as CVE-2024-5806, carries a CVSS score of 9.1, marking it as highly severe. It allows an unauthenticated attacker to bypass authentication mechanisms and gain unauthorized access to the system.

The vulnerability resides in the SFTP module of MOVEit Automation, which is used for secure file transfers. An attacker exploiting this flaw could potentially read, modify, or delete files, or even execute arbitrary commands on the affected server. Progress Software confirmed the issue affects MOVEit Automation versions 2023.0 and earlier, and urged users to upgrade to version 2023.1 or later immediately. The company also noted that MOVEit Transfer, another product in the portfolio, is not impacted by this specific vulnerability.

This discovery comes after a tumultuous period for Progress Software. The company’s MOVEit Transfer product was the target of a massive zero-day exploitation campaign in 2023, which affected hundreds of organizations worldwide and exposed sensitive data. That incident, linked to the Clop ransomware group, led to widespread scrutiny and legal action. While the current vulnerability is in a different product, the company is clearly taking no chances. In its advisory, Progress Software emphasized that there are no known active exploits for this flaw at this time, but it strongly recommended immediate patching due to the high risk of potential attacks.

The authentication bypass nature of this vulnerability is particularly concerning because it does not require any user interaction or privileges. An attacker with network access to the affected MOVEit Automation server could exploit it remotely. Security experts advise organizations to prioritize patching, review access logs for suspicious activity, and implement network segmentation to limit exposure. Given the history of MOVEit-related attacks, this advisory should be treated with the utmost urgency by all affected enterprises.