Progress Software Releases Security Advisory - 20240801003¶
Overview¶
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | Severity | CVSS |
|---|---|---|---|---|
| MOVEit Transfer | - 2023.0 before 2023.0.12 - 2023.1 before 2023.1.7 - 2024.0 before 2024.0.3 | CVE-2024-6576 | High | 7.3 |
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer Patch Management):
- Progress Community article: https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-July-2024-CVE-2024-6576
Additional References¶
- Cyber Security News article: https://securityonline.info/progress-software-issues-security-alert-for-moveit-transfer-users-cve-2024-6576/