module

Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read

Try Surface Command
Back to search
Disclosed
Jun 25, 2024
Created
Jul 8, 2024

Description

This module exploits CVE-2024-5806, an authentication bypass vulnerability in the MOVEit Transfer SFTP service. The
following version are affected:

* MOVEit Transfer 2023.0.x (Fixed in 2023.0.11)
* MOVEit Transfer 2023.1.x (Fixed in 2023.1.6)
* MOVEit Transfer 2024.0.x (Fixed in 2024.0.2)

The module can establish an authenticated SFTP session for a MOVEit Transfer user. The module allows for both listing
the contents of a directory, and the reading of an arbitrary file.

Author

sfewer-r7

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use auxiliary/gather/progress_moveit_sftp_fileread_cve_2024_5806
    msf auxiliary(progress_moveit_sftp_fileread_cve_2024_5806) > show actions
        ...actions...
    msf auxiliary(progress_moveit_sftp_fileread_cve_2024_5806) > set ACTION < action-name >
    msf auxiliary(progress_moveit_sftp_fileread_cve_2024_5806) > show options
        ...show and set options...
    msf auxiliary(progress_moveit_sftp_fileread_cve_2024_5806) > run
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report