
Progress Software, developer of the MOVEit Transfer application, has released a patch to address a new SQL injection vulnerability affecting its file transfer solution that allows the theft of sensitive information.
In an advisory published on June 9, 2023, the company stated, “Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application, which could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.”
“An attacker could send a specially crafted payload to the MOVEit Transfer application endpoint, resulting in the modification and disclosure of the contents of the MOVEit database.”
The flaw, which affects all versions of the service, has been resolved in MOVEit Transfer versions 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2). All MOVEit Cloud instances are fully patched.
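To triage an inventory against the fixed builds listed above, this added example (not code from Progress Software or from the original article) normalizes both version notations and flags hosts running below the fixed build. The host names, sample versions, the optional fourth build component and the status labels are assumptions made for illustration.

```python
import re

# Fixed builds quoted in the article, keyed by internal release train (major, minor).
FIXED_PATCH = {(13, 0): 7, (13, 1): 5, (14, 0): 5, (14, 1): 6, (15, 0): 2}
# Year-style major -> internal major, taken from the paired numbers in the article.
YEAR_TO_MAJOR = {2021: 13, 2022: 14, 2023: 15}

def normalize(version):
    """Return (major, minor, patch) in internal numbering for either notation."""
    # Assumption: any fourth component is a build number and is ignored.
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", version)
    if m is None:
        raise ValueError(f"unrecognized version string: {version!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return YEAR_TO_MAJOR.get(major, major), minor, patch

def triage(version):
    """Classify one version as 'patched', 'vulnerable' or 'review'."""
    major, minor, patch = normalize(version)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # Release train with no fixed build listed in the article: check by hand.
        return "review"
    return "patched" if patch >= fixed else "vulnerable"

def report(inventory):
    """Return (host, version, status) rows, most urgent first."""
    order = {"vulnerable": 0, "review": 1, "patched": 2}
    rows = []
    for host, version in inventory.items():
        try:
            status = triage(version)
        except ValueError:
            status = "review"  # unparseable version strings need a manual look
        rows.append((host, version, status))
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed inventory for illustration; hosts and versions are not real data.
SAMPLE = {
    "mft-01.example.internal": "2023.0.2",
    "mft-02.example.internal": "14.1.5",
    "mft-03.example.internal": "2021.1.5",
    "mft-04.example.internal": "12.1.9",
    "mft-05.example.internal": "15.0.1.37",
}

if __name__ == "__main__":
    for host, version, status in report(SAMPLE):
        print(f"{status:<10} {host:<26} {version}")
```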

Cybersecurity firm Huntress reportedly discovered and reported the vulnerability as part of a code review. Progress Software said it has not observed any indication that the newly discovered flaw is being exploited in the wild.
This development comes after the previously reported MOVEit Transfer vulnerability (CVE-2023-34362) was extensively exploited to drop a web shell onto the targeted system.
The activity is attributed to the notorious Cl0p ransomware gang, which has been organizing data theft campaigns and exploiting zero-day bugs in various managed file transfer platforms since December 2020.
Kroll, an enterprise research and risk consulting firm, also found evidence that the cybercrime gang had been experimenting with ways to exploit CVE-2023-34362 dating back to July 2021, and that it had devised a way to extract data from compromised MOVEit servers since at least April 2022.
Much of the malicious reconnaissance and testing activity in July 2021 is said to have been manual in nature until April 2022, when the group switched to automated mechanisms to probe multiple organizations and gather information from them.
“The Clop threat actor appears to have completed the MOVEit Transfer exploit at the time of the GoAnywhere event and chose to execute the attack sequentially rather than in parallel,” the company said. “These findings highlight significant planning and preparation that presumably precedes large-scale exploitation events.”
The Cl0p actors have also issued extortion notices to affected companies, urging them to contact the group by June 14, 2023, or have their stolen information published on the data leak site.