CVE-2023-35708: MOVEit Transfer Critical Vulnerability
Progress Software has disclosed a critical security vulnerability in its MOVEit Transfer product. The flaw could allow privilege escalation and unauthorized access to the environment.
The newly identified flaw, tracked as CVE-2023-35708, is an SQL injection vulnerability. Such flaws can lead to escalated privileges and unauthorized access to the user environment.
“Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment,” Progress said.
In response to the disclosure, Progress suspended HTTPS traffic for MOVEit Cloud. “We implore all MOVEit Transfer patrons to promptly terminate their HTTP and HTTPS traffic. This preemptive action is essential to fortifying their environments while we diligently work towards the finalization of a remedial patch,” a Progress representative added.
Until security updates for the affected MOVEit Transfer versions are released, Progress urges customers to temporarily modify their firewall rules to deny HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443. This blocks user access via the web UI, but file transfers continue to work because the SFTP and FTPS protocols remain available.
Administrators can still reach MOVEit Transfer by connecting remotely to the Windows server and browsing to https://localhost/.
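The interim mitigation above, as an added example that is not from Progress's advisory: temporary Windows Defender Firewall rules denying inbound TCP 80 and 443 on the MOVEit Transfer server, with a verification step and the rollback command. The rule display names are assumptions chosen here; run it in an elevated PowerShell session on the server.

```powershell
# Added example (not Progress's own guidance): block inbound HTTP/HTTPS to a
# MOVEit Transfer server until the patch is installed. SFTP (TCP 22) and
# FTPS (TCP 21/990) are not touched, so file transfers keep working.
# Rule names are an assumption so the rules can be found and removed later.
$blockRules = @{
    'MOVEit-Temp-Block-HTTP-80'   = 80
    'MOVEit-Temp-Block-HTTPS-443' = 443
}

foreach ($name in $blockRules.Keys) {
    # Idempotent: skip rules that already exist from a previous run.
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name `
            -Direction Inbound `
            -Action Block `
            -Protocol TCP `
            -LocalPort $blockRules[$name] `
            -Profile Any `
            -Enabled True | Out-Null
        Write-Host "Created rule '$name' blocking inbound TCP $($blockRules[$name])"
    }
}

# Verify which ports the temporary rules now cover.
Get-NetFirewallRule -DisplayName 'MOVEit-Temp-Block-*' |
    Get-NetFirewallPortFilter |
    Select-Object InstanceID, Protocol, LocalPort

# Windows Defender Firewall does not filter loopback traffic, so the
# https://localhost/ access path for administrators on the server itself
# is unaffected. Once the vendor patch is applied, remove the rules:
#   Remove-NetFirewallRule -DisplayName 'MOVEit-Temp-Block-*'
```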
CVE-2023-35708 comes to light just a week after Progress disclosed a separate set of SQL injection vulnerabilities, tracked as CVE-2023-35036, which could allow unauthorized access to the application’s database content.
Both follow CVE-2023-34362, a vulnerability exploited as a zero-day by the Clop ransomware group in data theft attacks.
An analysis by Censys, a web-based search platform for assessing the attack surface of internet-connected devices, found that almost 31% of more than 1,400 exposed hosts running MOVEit belong to the financial services industry. Healthcare follows with 16%, then information technology with 9% and the government and military sectors with 8%. Nearly 80% of these servers are located in the U.S., underscoring the broad reach of this vulnerability.
Further updates and mitigation guidance on this critical flaw are expected as Progress works towards a fix.