Urgent Alert: Critical SQL Injection Vulnerabilities Uncovered in MOVEit Transfer - Take Immediate Action!


Progress Software Addresses New SQL Injection Vulnerabilities in MOVEit Transfer Application

Progress Software, the developer of the popular file transfer solution MOVEit Transfer, has recently released patches to fix critical SQL injection vulnerabilities in their web application. These vulnerabilities pose a serious risk of unauthorized access to the MOVEit Transfer database, potentially leading to the theft of sensitive information.

In their advisory released on June 9, 2023, Progress Software stated that the flaws could be exploited by submitting a specially crafted payload to an endpoint within the MOVEit Transfer application. This could allow an attacker without authentication to modify and expose the contents of the MOVEit database.

The identified vulnerabilities impact all versions of the MOVEit Transfer service. To address these issues, Progress Software has released patches in the form of updated versions, including 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2). Additionally, all MOVEit Cloud instances have been fully patched to mitigate these vulnerabilities.
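The fixed builds listed above can be turned into a quick fleet check. The following Python sketch is an added example, not code from Progress Software or Huntress: it normalizes both naming schemes shown in the article (2023.0.2 and 15.0.2) and classifies each host. The host names and inventory lines are constructed, and tolerating extra trailing build components is an assumption.

```python
import re

# Fixed builds named in the article, keyed by (major, minor) release line.
FIXED = {(13, 0): 7, (13, 1): 5, (14, 0): 5, (14, 1): 6, (15, 0): 2}
# Marketing year -> internal major, as paired in the article (2021.0.7 = 13.0.7).
YEAR_TO_MAJOR = {2021: 13, 2022: 14, 2023: 15}

def normalize(version):
    """Return (major, minor, patch) for '2023.0.1' or '15.0.1'; None if unparseable."""
    # Assumption: any extra trailing components (e.g. a build number) are ignored.
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*$", version)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return YEAR_TO_MAJOR.get(major, major), minor, patch

def triage(version):
    """Classify one reported version string against the fixed builds."""
    parsed = normalize(version)
    if parsed is None:
        return "unparseable"
    major, minor, patch = parsed
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Release line is not in the article's list: consult the vendor advisory.
        return "no-fix-listed"
    return "patched" if patch >= fixed_patch else "needs-update"

def report(inventory):
    """Map host -> (version, status) for lines of the form 'host version'."""
    out = {}
    for line in inventory.strip().splitlines():
        host, _, version = line.strip().partition(" ")
        out[host] = (version.strip(), triage(version))
    return out

# Constructed inventory for illustration; hosts and versions are not real.
SAMPLE = """
mft-01 2023.0.1
mft-02 15.0.2
mft-03 14.1.6.12
mft-04 2021.1.4
mft-05 12.1.9
mft-06 unknown
"""

if __name__ == "__main__":
    for host, (version, status) in report(SAMPLE).items():
        print(f"{host:8} {version:12} {status}")
```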

The cybersecurity firm Huntress deserves credit for discovering and reporting these vulnerabilities during a thorough code review. Fortunately, Progress Software has not observed any signs of active exploitation of these newly discovered flaws.

It is worth noting that this development comes at a time when a previously reported vulnerability in MOVEit Transfer (CVE-2023-34362) has been heavily exploited to deploy web shells on targeted systems.

This malicious activity has been attributed to the notorious Cl0p ransomware gang, known for orchestrating data theft campaigns and exploiting zero-day vulnerabilities in various managed file transfer platforms since December 2020.

Kroll, a corporate investigation and risk consulting firm, has also found evidence suggesting that the cybercriminal gang has been experimenting with ways to exploit CVE-2023-34362 since July 2021. They have been devising methods to extract data from compromised MOVEit servers since at least April 2022.

Notably, the Cl0p threat actors engaged in manual reconnaissance and testing activities in July 2021, transitioning to automated mechanisms in April 2022 to target multiple organizations and gather information.

These findings underscore the extensive planning and preparation that often precede large-scale exploitation events. Furthermore, the Cl0p actors have issued an extortion notice to the affected companies, urging them to contact the group by June 14, 2023, to prevent the publication of their stolen information on a data leak site.

It is crucial for organizations using MOVEit Transfer to promptly apply the available patches and remain vigilant against potential cyber threats.


 
