Critical Zero-Day Flaw Exploited in MOVEit Transfer


A critical security threat has been discovered in the MOVEit Transfer file transfer software that would enable attackers to steal data from organizations.

The zero-day vulnerability, which was uncovered by Progress last week, is an SQL injection weakness found in the managed file transfer (MFT) product. 

This flaw (CVE-2023-34362) can grant escalated privileges and unauthorized access. 

“An attacker may be able to infer information about the structure and contents of a MOVEit Transfer database, or even alter or delete database elements,” explained Zane Bond, head of product at Keeper Security.

Progress, in its original advisory, did not mention any instances of exploitation. However, according to a more recent blog post by Rapid7 (and the updated Progress one), active exploitation of the vulnerability is now being seen.

“We have observed an uptick in related cases since the vulnerability was disclosed publicly on May 31, 2023; Rapid7 intelligence indicates that the threat actors leveraging [it] have exploited a wide range of organizations, particularly in North America,” reads the blog post.

As of May 31, there were approximately 2500 publicly accessible instances of MOVEit Transfer, according to the company.

The vulnerability affects all MOVEit Transfer versions released before May 31 2023. It is crucial to apply the available fixes and patches released by MOVEit promptly, warned Rapid7.

Additionally, users of MOVEit Transfer with Microsoft Azure integration should take immediate action to rotate their Azure storage keys.

“The MOVEit Transfer case bears a striking resemblance to a slew of SQLi attacks happening on file storage and transfer systems, the latest being QNAP devices and a high-profile attack by Clop on Fortra’s GoAnywhere file transfer software,” commented Craig Jones, vice president of security operations at Ontinue.

Read more on the GoAnywhere flaw: Brightline Hack Exposes Data of Over 780,000 Child Mental Health Patients.

The security expert added that, from an application security standpoint, the vulnerability found in MOVEit Transfer serves as a reminder of the criticality of thorough input validation, robust access control and secure coding practices in safeguarding against such exploits.



Source link