MOVEit Transfer Customers Warned to Patch New Critical Flaw

Cyber Security Threat Summary:
“MOVEit Transfer, the software at the center of the recent massive spree of Clop ransomware breaches, has received an update that fixes a critical-severity SQL injection bug and two other less severe vulnerabilities. SQL injection vulnerabilities allow attackers to craft special queries to gain access to a database or tamper with it by executing code. For these attacks to be possible, the target application must suffer from a lack of appropriate input/output data sanitization” (Bleeping Computer, 2023).

Progress, the developer of MOVEit Transfer, found multiple SQL injection problems in its product. The most notable is CVE-2023-36934, a critical vulnerability that can be exploited without user authentication. “A SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database,” reads Progress’s security bulletin. An attacker could potentially send a specially crafted payload to a MOVEit Transfer endpoint, which could result in modification and disclosure of MOVEit database content.

A second SQL injection flaw is identified as CVE-2023-36932 and received a high-severity rating because an attacker could exploit it after authentication. The two SQL injection security issues impact multiple versions of MOVEit Transfer, including 12.1.10 and older, 13.0.8 and older, 13.1.6 and older, 14.0.6 and older, 14.1.7 and older, and 15.0.3 and older.

A third vulnerability addressed with this patch is CVE-2023-36933, a high-severity problem that lets attackers cause unexpected termination of the program. This flaw impacts MOVEit Transfer versions 13.0.8 and older, 13.1.6 and older, 14.0.6 and older, 14.1.7 and older, and 15.0.3 and older.

Security Officer Comments:
MOVEit Transfer vulnerabilities, specifically CVE-2023-34362, have been the target of the Cl0p ransomware gang, which has used the zero-day to carry out mass exploitation attacks against organizations worldwide.

The software vendor fixed the flaw a few days after its discovery, but it was revealed that the fixes came roughly two years after the first exploitation in the wild had started. Cl0p moved quickly to attack a plethora of targets before Progress was able to issue a patch. The group has been contacting victims and uploading their profiles to their data leak website.

Progress is now releasing regular security updates, called Service Packs, on a monthly basis. These will streamline the software upgrade process for MOVEit Transfer admins and allow fixes to be applied more quickly.

Suggested Correction(s):
Users of MOVEit Transfer are advised to upgrade to the latest versions of the software, which address the mentioned vulnerabilities.
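To decide which installations need the upgrade, the affected-version lists above can be turned into a per-host check. This is an added example, not code from Progress or Bleeping Computer. It assumes each "X.Y.Z and older" entry applies within its own X.Y release branch and that versions are dotted numbers; the host names are constructed.

```python
import re

# Highest affected patch level per (major, minor) branch, copied from the
# version lists in this summary. Assumption: each "and older" entry is
# scoped to its own release branch.
SQLI = {(12, 1): 10, (13, 0): 8, (13, 1): 6, (14, 0): 6, (14, 1): 7, (15, 0): 3}
# The list given for CVE-2023-36933 does not include the 12.1 branch.
DOS = {branch: patch for branch, patch in SQLI.items() if branch != (12, 1)}

ADVISORIES = {
    "CVE-2023-36934": SQLI,  # critical, unauthenticated SQL injection
    "CVE-2023-36932": SQLI,  # high, SQL injection after authentication
    "CVE-2023-36933": DOS,   # high, unexpected program termination
}

def parse_version(text):
    """Return (major, minor, patch); extra build components are ignored."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def assess(version):
    """Map each CVE to 'affected', 'not-affected' or 'branch-not-listed'."""
    major, minor, patch = parse_version(version)
    result = {}
    for cve, branches in ADVISORIES.items():
        limit = branches.get((major, minor))
        if limit is None:
            # The summary says nothing about this branch: check the bulletin.
            result[cve] = "branch-not-listed"
        else:
            result[cve] = "affected" if patch <= limit else "not-affected"
    return result

def hosts_to_upgrade(inventory):
    """Return {host: [CVE, ...]} for hosts with at least one affected CVE."""
    out = {}
    for host, version in sorted(inventory.items()):
        hits = [cve for cve, s in assess(version).items() if s == "affected"]
        if hits:
            out[host] = hits
    return out

# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = {"mft-01": "15.0.3", "mft-02": "15.0.4", "mft-03": "12.1.10.5"}

if __name__ == "__main__":
    for host, cves in hosts_to_upgrade(SAMPLE).items():
        print(host, SAMPLE[host], ", ".join(cves))
```

A "branch-not-listed" result means the summary gives no threshold for that release line, so the vendor bulletin has to be consulted rather than treating the host as safe.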

Link(s):
https://www.bleepingcomputer.com/