module

Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read

Try Surface Command
Back to search
Disclosed
Jun 25, 2024
Created
Jul 8, 2024

Description

This module exploits CVE-2024-5806, an authentication bypass vulnerability in the MOVEit Transfer SFTP service. The
following version are affected:

* MOVEit Transfer 2023.0.x (Fixed in 2023.0.11)
* MOVEit Transfer 2023.1.x (Fixed in 2023.1.6)
* MOVEit Transfer 2024.0.x (Fixed in 2024.0.2)

The module can establish an authenticated SFTP session for a MOVEit Transfer user. The module allows for both listing
the contents of a directory, and the reading of an arbitrary file.

Author

sfewer-r7

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use auxiliary/gather/progress_moveit_sftp_fileread_cve_2024_5806
    msf auxiliary(progress_moveit_sftp_fileread_cve_2024_5806) > show actions
        ...actions...
    msf auxiliary(progress_moveit_sftp_fileread_cve_2024_5806) > set ACTION < action-name >
    msf auxiliary(progress_moveit_sftp_fileread_cve_2024_5806) > show options
        ...show and set options...
    msf auxiliary(progress_moveit_sftp_fileread_cve_2024_5806) > run
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today