
Progress Software has warned customers about a new high-severity vulnerability that could allow attackers to escalate privileges within the system.
The vulnerability, tracked as CVE-2024-6576 with a CVSS score of 7.3, stems from improper authentication mechanisms and affects several versions of MOVEit Transfer released in 2023 and 2024.
The following versions of MOVEit Transfer are susceptible to CVE-2024-6576:
- MOVEit Transfer 2023.0.0 to 2023.0.11
- MOVEit Transfer 2023.1.0 to 2023.1.6
- MOVEit Transfer 2024.0.0 to 2024.0.2
Progress Software strongly recommends upgrading to the latest patched versions:
- MOVEit Transfer 2024.0.3 (16.0.3)
- MOVEit Transfer 2023.1.7 (15.1.7)
- MOVEit Transfer 2023.0.12 (15.0.12)
Progress has said that the MOVEit Cloud clusters have been patched, but on-premises installations are at immediate risk. Given the widespread use of MOVEit in enterprise environments, this vulnerability is a prime target for threat actors looking to gain unauthorized access to sensitive data and systems.
Customers should prioritize applying these updates immediately to minimize the risk of exploitation. Organizations are advised to monitor their MOVEit Transfer logs for any suspicious activity and implement additional security measures, such as network segmentation and intrusion detection systems, to further protect their environments.
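As an added example (not code from Progress or from the original article), the Python check below classifies reported MOVEit Transfer version strings against the affected and fixed versions listed above, accepting either numbering scheme. The inventory, hostnames, function names and the handling of a trailing build component are assumptions made for illustration.

```python
import re

# Release trains named in the advisory. Internal numbering and first fixed
# patch level come from the fixed-version list, e.g. 2024.0.3 (16.0.3).
TRAINS = {
    (2023, 0): {"internal": (15, 0), "fixed_patch": 12},
    (2023, 1): {"internal": (15, 1), "fixed_patch": 7},
    (2024, 0): {"internal": (16, 0), "fixed_patch": 3},
}
INTERNAL_TO_MARKETING = {t["internal"]: m for m, t in TRAINS.items()}

# Assumption: versions are major.minor.patch; extra build parts are ignored.
VERSION_RE = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*")


def assess(version_text):
    """Return (status, first_fixed_version) for one reported version string."""
    match = VERSION_RE.fullmatch(version_text)
    if match is None:
        return ("unparsed", None)
    major, minor, patch = (int(part) for part in match.groups())
    # Accept either numbering scheme by normalising 15.x/16.x to 2023.x/2024.x.
    train = INTERNAL_TO_MARKETING.get((major, minor), (major, minor))
    info = TRAINS.get(train)
    if info is None:
        # The advisory says nothing about this release train: review by hand.
        return ("not-listed", None)
    fixed = f"{train[0]}.{train[1]}.{info['fixed_patch']}"
    status = "affected" if patch < info["fixed_patch"] else "patched"
    return (status, fixed)


def triage(inventory):
    """Map each host to its assessment, keeping only hosts that need action."""
    results = {host: assess(version) for host, version in inventory.items()}
    return {host: r for host, r in results.items() if r[0] != "patched"}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "mft-01.example.internal": "2023.0.11",
    "mft-02.example.internal": "15.1.7",
    "mft-03.example.internal": "16.0.2.57",
    "mft-04.example.internal": "2022.1.4",
}
if __name__ == "__main__":
    for host, (status, fixed) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f", upgrade to {fixed}" if fixed else ""))
```

Versions from release trains the advisory does not list are reported as `not-listed` rather than assumed safe, so they can be checked against the vendor's guidance by hand.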