Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Critical Vulnerability in MOVEit Transfer
Alerts

Active Exploitation of Critical Vulnerability in MOVEit Transfer

29 June 2024

Progress Software has released security updates to address a critical vulnerability (CVE-2024-5806) in MOVEit Transfer. The vulnerability has a CVSSv3.1 score of 9.1 out of 10 and is reportedly being actively exploited.

Successful exploitation of the improper authentication vulnerability in the MOVEit Transfer's SSH File Transfer Protocol (SFTP) module could allow an attacker to bypass authentication and gain unauthorised access to an affected system.

This vulnerability affects MOVEit Transfer versions from 2023.0.0 to before 2023.0.11, from 2023.1.0 to before 2023.1.6, and from 2024.0.0 to before 2024.0.2.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:    

https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806

https://www.darkreading.com/remote-workforce/fresh-moveit-bug-under-attack-disclosure