Highlights
- Last month, it was discovered that the Clop ransomware group exploited a zero-day vulnerability in the Progress MOVEit File Transfer software.
- The SQL injection exploit is tracked as CVE-2023-36932, and the flaw has a high severity rating as the attacker could exploit the flaw after the authentication.
- The security vulnerabilities affect several of the software, and users are advised to upgrade the software that includes 2.1.10 and older versions, 13.0.8 and older, 13.1.6 & older, 14.0.6 & older, and 14.1.7 & older.
Last month, it was discovered that threat actors, particularly the Clop ransomware group exploited a zero-day vulnerability in the Progress MOVEit File Transfer software. The MOVEit vulnerability is tracked as CVE- 2023-34362; Threat actors exploited the security flaws to steal data from big organizations all over the world
MOVEit transfer is a managed file transfer software that encrypts files and uses secure File Transfer Protocols to transfer data and also has automation & failover services.
Another SQL injection vulnerability that has been found in the MOVEit file transfer web app could allow a substantiate attacker to get unauthorized access to the MOVEit transfer database.
According to the MOVEit Transfer advisory, An attacker could submit a crafted payload to a MOVEit transferred web application which could rest in modification and disclosure of MOVEit database content
The SQL injection exploit is tracked as CVE-2023-36932, and the flaw has a high severity rating as the attacker could exploit the flaw after the authentication.
The two SQL injection’s security flaws affect several versions of the MOVEit file transfer application that, includes version 12.1.10 and older versions, 13.0.8 and older, 13.1.6 & older, 14.0.6 & older, 14.1.7 & older, and 15.0.3 & older.
The firm also addressed the third security flaw, which is tracked as CVE-2023-36933; the flaw is also of high severity problem as it can cause the program to terminate unexpectedly.
The third security vulnerability also affects several versions of MOVEit file transfer as well well, like 13.0.8 and older, 13.1.6 & older, 14.0.6 & older, 14.1.7 & older, and 15.0.3 & older.
MOVEit File Transfer software company recommends its users upgrade to the versions that fix several security flaws.
Read: BlackCAT Ransomware Group Pushes Malicious Installers via Malvertising
| Affected Versions | Patched Version (Full Installer) |
|---|---|
| MOVEit Transfer 2020.0.x (12.0.x) & older | Must upgrade to the supported version |
| MOVEit Transfer 2020.1.6 (12.1.6) or later | Special service pack available |
| MOVEit Transfer 2021.0.x (13.0.x) | MOVEit Transfer 2021.1.0.9 (13.0.9) |
| MOVEit Transfer 2021.1.x (13.1.x) | MOVEit Transfer 2021.1.7 (13.7) |
| MOVEit Transfer 2022.0.x (14.0.x) | MOVEit Transfer 2022.0.7 (14.0.7) |
| MOVEit Transfer 2022.1.x (14.1.x) | MOVEit Transfer 2022.1.8 (14.1.8) |
| MOVEit Transfer 2023.0.x (15.0.x) | MOVEit Transfer 2023.0.4 (15.0.4) |
The company patched the security vulnerability after a couple of days of the vulnerability discoveries. Although it is revealed that the patches came nearly two years after the security vulnerabilities were first exploited in the wild.
The firm launched a security audit soon after and patched all these critical security vulnerabilities. As Progess MOVEit is handling the massive consequences of the security vulnerabilities, it has introduced monthly security updates named Service Pack.
This should help Progress MOVEit in making the upgrades smooth and allow them to patch flaws quicker.
Read: Threat Actors Use Trojanized Super Mario 3 Game Installer to Spread Malware
Directly in Your Inbox
