CISA Adds Progress MOVEit Transfer Zero-Day to Known Exploited Vulnerabilities Catalog
June 2, 2023
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a zero-day vulnerability in the Progress MOVEit Transfer file transfer product, tracked as CVE-2023-34362, to its Known Exploited Vulnerabilities Catalog. The vulnerability is actively being exploited by threat actors to steal data from organizations. MOVEit Transfer is a managed file transfer solution used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.
The flaw is a SQL injection vulnerability that an unauthenticated attacker can exploit to gain unauthorized access to MOVEit Transfer’s database. The advisory published by the company states, “a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized access to MOVEit Transfer’s database.” Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.
The vulnerability affects all MOVEit Transfer versions, but not the cloud version of the product. The company has shared Indicators of Compromise (IoCs) for this attack and urges customers who notice any of the indicators to immediately contact their security and IT teams. Multiple security firms are warning that the vulnerability has been actively exploited in the wild. GreyNoise researchers have observed scanning activity for the login page of MOVEit Transfer, located at /human.aspx, as early as March 3rd, 2023. Experts therefore recommend that Progress customers review potentially malicious activity recorded in the last 90 days.
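One way to start the 90-day review described above is to summarise requests to /human.aspx per client IP from the web server logs. This is an added example, not code from Progress, GreyNoise or CISA; it assumes IIS W3C extended logs, and the function name and sample lines are constructed for illustration. The login page also receives legitimate traffic, so the output is a list of sources to review, not a list of compromises.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended format (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2023-02-20 08:00:01 GET /human.aspx 198.51.100.7 200
2023-03-10 10:15:00 GET /human.aspx 203.0.113.10 200
2023-03-10 10:15:02 GET /Human.aspx 203.0.113.10 200
2023-04-11 09:30:00 GET /index.html 192.0.2.44 200
2023-05-28 22:41:17 POST /human.aspx 203.0.113.10 302
truncated-line
"""

def review_login_page_hits(log_text, as_of, path="/human.aspx", days=90):
    """Summarise requests to `path` per client IP in the `days` before `as_of`."""
    cutoff = as_of - timedelta(days=days)
    fields = []
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # skip truncated or malformed rows
        row = dict(zip(fields, values))
        try:
            ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue
        if ts < cutoff or ts > as_of:
            continue  # outside the review window
        if row.get("cs-uri-stem", "").lower() != path.lower():
            continue  # IIS paths are case-insensitive
        entry = hits[row.get("c-ip", "-")]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(hits)

if __name__ == "__main__":
    for ip, e in review_login_page_hits(SAMPLE_LOG, datetime(2023, 6, 2)).items():
        print(ip, e["count"], e["first"], e["last"])
```

IIS writes timestamps in UTC, so pass `as_of` in UTC as well.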
By May 31, Rapid7 experts discovered approximately 2,500 instances of MOVEit Transfer publicly accessible on the internet, with a significant portion located in the United States. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies must address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure. CISA has ordered federal agencies to fix this flaw by June 23, 2023.