CISA Adds Progress MOVEit Transfer Zero-Day to Known Exploited Vulnerabilities Catalog

June 2, 2023

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a zero-day vulnerability in the Progress MOVEit Transfer file transfer product, tracked as CVE-2023-34362, to its Known Exploited Vulnerabilities Catalog. The vulnerability is actively being exploited by threat actors to steal data from organizations. MOVEit Transfer is a managed file transfer solution used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.

The flaw is a SQL injection vulnerability that an unauthenticated attacker can exploit to gain unauthorized access to MOVEit Transfer’s database. The advisory published by the company states, “a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized access to MOVEit Transfer’s database.” Depending on the database engine in use (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, in addition to executing SQL statements that alter or delete database elements.

The vulnerability affects all MOVEit Transfer versions, but not the cloud version of the product. The company has shared Indicators of Compromise (IoCs) for this attack and urges customers who notice any of the indicators to immediately contact its security and IT teams. Multiple security firms are warning that the vulnerability has been actively exploited in the wild. GreyNoise researchers have observed scanning activity for the login page of MOVEit Transfer, located at /human.aspx, as early as March 3rd, 2023. Experts therefore recommend that Progress customers review potentially malicious activity recorded in the last 90 days.
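The 90-day review recommended above can start from the web server's own access logs. The following is an added example, not code from Progress, GreyNoise or CISA: it summarises requests to /human.aspx per client IP inside the review window. It assumes IIS W3C extended logs with a `#Fields:` header and UTC timestamps; the function name, the sample log lines and the `as_of` date are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOGIN_PATH = "/human.aspx"  # MOVEit Transfer login page named in the article
WINDOW_DAYS = 90            # review window recommended in the article

# Constructed sample in IIS W3C extended format (documentation-range IPs).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2023-02-01 08:00:00 203.0.113.7 GET /human.aspx 200
2023-04-11 10:15:02 198.51.100.23 GET /human.aspx 200
2023-04-11 10:15:09 198.51.100.23 GET /Human.aspx 200
2023-05-27 22:41:10 192.0.2.44 POST /human.aspx 302
2023-05-28 01:02:03 192.0.2.44 GET /favicon.ico 404
"""

def review_login_hits(log_text, as_of, days=WINDOW_DAYS):
    """Summarise login-page requests per client IP within the review window."""
    cutoff = as_of - timedelta(days=days)
    fields = []
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                "statuses": set()})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        try:
            ts = datetime.strptime(row["date"] + " " + row["time"],
                                   "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue  # skip malformed or truncated rows
        # IIS matches paths case-insensitively, so compare lowercased.
        if row.get("cs-uri-stem", "").lower() != LOGIN_PATH:
            continue
        if not cutoff <= ts <= as_of:
            continue
        entry = hits[row.get("c-ip", "-")]
        entry["count"] += 1
        entry["first"] = min(entry["first"] or ts, ts)
        entry["last"] = max(entry["last"] or ts, ts)
        entry["statuses"].add(row.get("sc-status", "-"))
    return dict(hits)

if __name__ == "__main__":
    report = review_login_hits(SAMPLE_LOG, as_of=datetime(2023, 6, 2))
    for ip, e in sorted(report.items(), key=lambda kv: kv[1]["first"]):
        print(ip, e["count"], e["first"], e["last"], sorted(e["statuses"]))
```

Requests to the login page also come from legitimate users, so the summary is a starting list of clients to compare against known users and the vendor's published IoCs, not a verdict on its own.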

By May 31, Rapid7 experts discovered approximately 2,500 instances of MOVEit Transfer publicly accessible on the internet, with a significant portion located in the United States. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies must address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure. CISA has ordered federal agencies to fix this flaw by June 23, 2023.
