1.0 Introduction
Recently, Progress Software identified and patched a vulnerability (CVE-2024-6576) in Progress MOVEit Transfer which can lead to Privilege Escalation.
2.0 Impact
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead an attacker to Privilege Escalation.
3.0 Affected Products
- Progress MOVEit Transfer (SFTP Module) - CVE-2024-6576: This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3.
4.0 Recommendations
NOTICE: All MOVEit Transfer customers must take action and apply the patch to address the June 2024 vulnerability discovered in MOVEit Transfer.
CyberSecurity Malaysia urges users and organizations to review the MOVEit Transfer Advisory, follow the mitigation steps, apply the necessary updates, and hunt for any malicious activity.
Kindly refer to the URL for more information:
Generally, we advise users of this device to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my
5.0 References