Highlights:

  • MOVEit is a managed file transfer software designed to facilitate secure and compliant file transfers for sensitive data between organizations.
  • MOVEit can automate complex procedures, administer and monitor all file transfers in real time, and guarantee that they are dependable and predictable.

According to sources, the United States Cybersecurity and Infrastructure Security Agency has added a severe vulnerability in Progress Software Corp.’s MOVEit file transfer software to its Known Exploited Vulnerabilities Catalog and ordered all government entities to update their systems by June 23.

MOVEit is managed file transfer software designed to allow safe and compliant file transfers across companies. It can automate complicated operations, administer and monitor all file transfer activities in real time, and ensure reliable and predictable file transfers. It offers at-rest and in-transit encryption and supports secure protocols such as FTPS, HTTPS, and SFTP.

The vulnerability, CVE-2023-34362, is being actively exploited by threat actors who have stolen data from multiple organizations. A remote, unauthenticated attacker can exploit it by sending a specially crafted SQL injection payload to a vulnerable installation of MOVEit Transfer.

An adversary gains access to the underlying MOVEit Transfer instance if an exploit is successful. Depending on the database engine in use, such as MySQL, Microsoft SQL Server, or Azure SQL, an adversary may be able to determine the database’s structure and data.

Both the on-premises and cloud variants of MOVEit are affected by the vulnerability. Progress Software recently issued a security advisory about it, including mitigation instructions.

Mike Parkin, Senior Technical Engineer at cyber risk remediation company Vulcan Cyber Ltd., said, “For users of the affected software, this is a potentially serious issue and they should follow the vendor’s guidance in mitigation and remediation as quickly as practical. While exploits don’t appear to be widespread so far and there aren’t a huge number of vulnerable systems, it’s always best to be proactive when there are exploits happening in the wild. MOVEit has released patches and compensating controls and indications of compromise for this exploit are easy to spot.”

Craig Jones, vice president of security operations at managed detection and response provider Ontinue Inc., cautioned that the MOVEit Transfer vulnerability is a stark reminder of the constant threats in the digital landscape.

Craig Jones said, “The vulnerability at hand, a SQL injection flaw, could lead to escalated privileges and unauthorized access, allowing attackers to steal sensitive data from organizations. The MOVEit Transfer case bears a striking resemblance to a slew of SQLi attacks happening on file storage and transfer systems, the latest being QNAP devices and a high-profile attack by Clop on Fortra’s GoAnywhere file transfer software, underscoring the potential severity of such vulnerabilities.”