MOVEit Transfer: New security advisory and update (July 6, 2023)

I hope that admins who are responsible for MOVEit Transfer in enterprises have already stopped using this software. After the MOVEit Transfer disaster, with the vulnerabilities disclosed at the end of May 2023 and the data theft by the Clop ransomware group, there is a new update of the software that closes 3 vulnerabilities, and also a new security advisory.



New MOVEit Transfer security advisory

The maker of managed file transfer (MFT) software MOVEit, U.S.-based Progress Software Corporation, has released new security updates as of June 6, 2023, along with a new security advisory regarding the software. The just-released MOVEit Transfer Service Pack July 2023 includes fixes for three newly disclosed CVEs, as well as improvements to the MOVEit Transfer database and installer. The closed vulnerabilities are:

  • CVE-2023-36934 (CRITICAL): In Progress MOVEit Transfer versions released before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content.
  • CVE-2023-36932 (HIGH): In Progress MOVEit Transfer versions released before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content.
  • CVE-2023-36933 (HIGH): In Progress MOVEit Transfer versions released before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method which results in an unhandled exception.  Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly.

Progress Software strongly recommends that customers install this service pack to receive product updates and security enhancements. The Knowledgebase article about the service pack provides more details, including notes on the patched versions. The colleagues from Bleeping Computer have taken up the topic here.
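To check an inventory against the fixed versions listed above, a small triage script helps. This is an added example, not code from Progress or from the original post; the function names and the sample inventory are assumptions. It expects the internal version numbers (12.x to 15.x) and reports a branch that a CVE entry does not name as "branch-not-listed" rather than guessing.

```python
"""Triage MOVEit Transfer builds against the fixed versions listed above."""

# First fixed patch level per release branch, copied from the CVE list.
FIXED_PATCH = {(12, 1): 11, (13, 0): 9, (13, 1): 7,
               (14, 0): 7, (14, 1): 8, (15, 0): 4}

# Branches each CVE entry names; CVE-2023-36933 does not list 2020.1 (12.1).
CVE_BRANCHES = {
    "CVE-2023-36934": set(FIXED_PATCH),
    "CVE-2023-36932": set(FIXED_PATCH),
    "CVE-2023-36933": set(FIXED_PATCH) - {(12, 1)},
}


def parse_version(text):
    """Parse an internal version such as '14.1.7'; extra components are ignored."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"not a MOVEit Transfer version: {text!r}")
    return tuple(int(p) for p in parts[:3])


def triage(version):
    """Return {cve: status} for one installed version."""
    major, minor, patch = parse_version(version)
    result = {}
    for cve, branches in CVE_BRANCHES.items():
        if (major, minor) not in branches:
            # Branch not named for this CVE: check the vendor advisory, do not guess.
            result[cve] = "branch-not-listed"
        elif patch < FIXED_PATCH[(major, minor)]:
            result[cve] = "vulnerable"
        else:
            result[cve] = "patched"
    return result


def needs_action(version):
    """True if any CVE is open, or the branch appears in none of the entries."""
    statuses = triage(version).values()
    return "vulnerable" in statuses or "patched" not in statuses


# Constructed sample inventory: host names and versions are made up.
SAMPLE = {"mft-a": "15.0.4", "mft-b": "14.1.7", "mft-c": "12.1.11", "mft-d": "11.0.2"}

if __name__ == "__main__":
    for host, version in sorted(SAMPLE.items()):
        print(host, version, "ACTION" if needs_action(version) else "ok", triage(version))
```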

What is MOVEit?

MOVEit is a managed file transfer (MFT) software that allows transferring files between different computers. The software is developed by Ipswitch, a subsidiary of the US company Progress Software Corporation. MOVEit is often used in companies to exchange files between customers or business partners via the Internet. Uploads are supported via the SFTP, SCP and HTTP protocols in order to transfer the files securely.

At the end of May 2023, the MOVEit vulnerability CVE-2023-34362 became known (see Warning: MOVEit vulnerability is abused in attacks, data extradicted), and it turned out that this vulnerability was specifically exploited by the Lace Tempest/Clop ransomware gang (presumably already since 2021) (see Lace Tempest/Clop ransomware gang exploits MOVEit vulnerability CVE-2023-34362). Many organizations and companies are affected – I covered it in my German blog post MOVEit-Schwachstelle tangiert 100 deutsche Firmen, AOKs von Datenabfluss betroffen? – because German entities have been breached.

Similar articles:
Warning: MOVEit vulnerability is abused in attacks, data extradicted
Lace Tempest/Clop ransomware gang exploits MOVEit vulnerability CVE-2023-34362
MOVEit Transfer: New vulnerability; patch urgently!

