overview
Three new vulnerabilities, tracked as CVE-2023-36934, CVE-2023-36932, and CVE-2023-36933, were found in Progress Software’s MOVEit File Transfer software. These new vulnerabilities come on the heels of several critical SQL injection flaws found in the software last month.
CVE-2023-36934 is a critical SQL injection vulnerability in the MOVEit Transfer web application that can be exploited by an unauthenticated user. According to Progress’s advisory, an attacker could gain unauthorized access to the MOVEit Transfer database by submitting a crafted payload to a MOVEit Transfer application endpoint.
CVE-2023-36932 is a high-severity SQL injection vulnerability that can be exploited by an attacker after authentication. Both CVE-2023-36934 and CVE-2023-36932 impact several versions of MOVEit Transfer:
The final vulnerability, CVE-2023-36933 is a high-severity flaw that allows attackers to terminate the program unexpectedly. The vulnerability impacts the following MOVEit Transfer versions:
Last month, Clop exploited a MOVEit File Transfer zero-day vulnerability (CVE-2023-34362). The threat actor had been experimenting with exploitation of the vulnerability for two years due to the vulnerability not being fixed until a few days after its discovery. The new vulnerabilities have not been exploited in the wild, but Avertium and Progress Software recommend that all users apply the appropriate patches as soon as possible.
Affected Version |
Fixed Version (Full Installer) |
Documentation |
Release Notes |
MOVEit Transfer 2023.0.x (15.0.x) |
|||
MOVEit Transfer 2022.1.x (14.1.x) |
|||
MOVEit Transfer 2022.0.x (14.0.x) |
|||
MOVEit Transfer 2021.1.x (13.1.x) |
|||
MOVEit Transfer 2021.0.x (13.0.x) |
|||
MOVEit Transfer 2020.1.6 (12.1.6) or later |
Special Service Pack Available |
See KB 000236830 |
|
MOVEit Transfer 2020.0.x (12.0.x) or older |
Must Upgrade to a Supported Version |
See MOVEit Transfer Upgrade and |
N/A |
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-36934, CVE-2023-36932, and CVE-2023-36933. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION