Administrators responsible for supporting Progress Software's MOVEit managed file transfer (MFT) solution need to respond again. After the SQL injection vulnerability CVE-2023-34362, which was exploited by a ransomware group and became public at the end of May 2023, comes the next problem. Audits have discovered a new vulnerability that needs to be patched in a timely manner.
What is MOVEit?
MOVEit is managed file transfer (MFT) software for transferring files between different computers. The software is developed by Ipswitch, a subsidiary of the US company Progress Software Corporation. MOVEit is often used in companies to exchange files with customers or business partners via the Internet. Uploads are supported via the SFTP, SCP and HTTP protocols in order to transfer the files securely.
What is the problem?
The use of the MOVEit Transfer software in corporate environments for the purpose of exchanging data must now be considered "grossly negligent". German security expert Martin Tschirsich points out in this tweet that the software has attracted constant attention in recent years due to SQL injection vulnerabilities and should be considered insecure per se.
At the end of May 2023, the MOVEit vulnerability CVE-2023-34362 became known (see Warning: MOVEit vulnerability is abused in attacks, data extradicted), and it turned out that this vulnerability was specifically exploited by the Lace Tempest/Clop ransomware gang (presumably already since 2021) (see Lace Tempest/Clop ransomware gang exploits MOVEit vulnerability CVE-2023-34362). Many organizations and companies are affected – I covered it within my German blog post MOVEit-Schwachstelle tangiert 100 deutsche Firmen, AOKs von Datenabfluss betroffen? – because German entities have been breached.
New vulnerability discovered
Security researcher John Hammond points out in the following tweet that (as part of a security audit) a new vulnerability has been discovered in the MOVEit Transfer software, for which there is no CVE yet.
The vendor issued a June 9, 2023, announcement titled MOVEit Transfer and MOVEit Cloud Vulnerability and writes:
In addition to the ongoing investigation of the vulnerability (CVE-2023-34362), we have partnered with external cybersecurity experts to conduct additional detailed code reviews to further protect our customers. As part of these code reviews, cybersecurity firm Huntress helped us uncover additional vulnerabilities that could be exploited by a malicious actor to launch an attack. These newly discovered vulnerabilities are different from the previously reported vulnerability that was published on May 31, 2023.
All MOVEit Transfer customers must install the new patch released on June 9, 2023. Details on the required steps can be found in the MOVEit Transfer Knowledge Base Article MOVEit Transfer Critical Vulnerability – CVE Pending Reserve Status (June 9, 2023). Another article Status June 2023 security vulnerabilities in MOVEit Cloud (CVE Pending MITRE) has been published. The investigation is still ongoing, but currently there is no evidence that these newly discovered vulnerabilities have been exploited. The colleagues from Bleeping Computer have published another list of patched versions here.