I still like to MOVEit MOVEit
This week, our very own sfewer-r7 added a new exploit module that leverages an authentication bypass vulnerability in the MOVEit Transfer SFTP service (CVE-2024-5806). It is possible to authenticate to the SFTP service as any user as long as a valid username is known and the "Remote Access Rules" allows the attacker IP address. On successful attack, it is possible to access any file on the SFTP server that the user has permission to access. The module lets you list directories and display (or download) files.
The following version of MOVEit Transfer are affected:
MOVEit Transfer 2023.0.x (fixed in 2023.0.11)
MOVEit Transfer 2023.1.x (fixed in 2023.1.6)
MOVEit Transfer 2024.0.x (fixed in 2024.0.2)
New module content (3)
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
Author: sfewer-r7
Type: Auxiliary
Pull request: #19295 contributed by sfewer-r7
Path: gather/progress_moveit_sftp_fileread_cve_2024_5806
AttackerKB reference: CVE-2024-5806
Description: This module exploits an authentication bypass vulnerability in the MOVEit Transfer SFTP service. The vulnerable versions are MOVEit Transfer 2023.0.x until 2023.0.11; MOVEit Transfer 2023.1.x until 2023.1.6; MOVEit Transfer 2024.0.x until 2024.0.2; allowing to list remote directories and reading files without authentication.
Zyxel parse_config.py Command Injection
Authors: SSD Secure Disclosure technical team and jheysel-r7
Type: Exploit
Pull request: #19204 contributed by jheysel-r7
Path: linux/http/zyxel_parse_config_rce
AttackerKB reference:
Support the originator by clicking the read the rest link below.
