CVE-2024-5805: Critical SFTP Authentication Bypass Vulnerability in MOVEit Gateway

A critical vulnerability (CVE-2024-5805) has been identified in the MOVEit Gateway software, exposing organizations to the risk of unauthorized access via SFTP. Progress Software, the developer of MOVEit, disclosed the vulnerability today and issued an urgent advisory for customers to apply the available patch immediately.

Vulnerability Details and Potential Impact

With a CVSS score of 9.1, the vulnerability enables attackers to bypass SFTP authentication mechanisms, potentially gaining access to sensitive data within MOVEit Gateway instances. MOVEit Gateway, an optional component designed to proxy traffic to and from MOVEit Transfer servers, is often deployed in high-stakes environments where large volumes of confidential information are exchanged.

Given the nature of the MOVEit enterprise file transfer suite, this vulnerability is of high concern. Enterprise file transfer solutions often manage a large volume of sensitive and confidential data, making them prime targets for threat actors. The potential for data breaches and subsequent extortion is substantial, as seen in the June 2023 incident where the Cl0p ransomware group exploited a different vulnerability in MOVEit Transfer.

Scope of Vulnerability

The CVE-2024-5805 vulnerability specifically affects MOVEit Gateway version 2024.0.0. Earlier versions and the cloud-based MOVEit Cloud are reportedly not impacted. However, Shodan scans indicate approximately 70 publicly accessible MOVEit Gateway SFTP servers, signifying a substantial attack surface if the vulnerability remains unpatched.

Mitigation and Recommendations

Progress Software has released a patch (MOVEit Gateway 2024.0.1) to address the vulnerability and emphasizes the urgency of applying it. While the update may require a brief system outage, the security benefits significantly outweigh any temporary disruption.