New third MOVEit software zero day vulnerability used to hack companies

The innovative software development firm Progress discovered a serious security flaw hidden inside its MOVEit Transfer product. The flaw might allow an attacker to steal sensitive information. This vulnerability has been identified in Progress Moveit Transfer, and it has the potential to allow for higher privileges as well as access that is not permitted. MOVEit Transfer is a managed file transfer program that enables the organization to securely transmit data between business partners and customers utilizing SFTP, SCP, and HTTP-based uploads. The product was developed by MOVEit. An attacker might then install programs; read, alter, or remove data; or create new accounts with full user rights; depending on the privileges connected with the user. Users whose accounts are set up to have less user rights on the system may be less affected by the change than users who operate with administrative user rights because those users’ accounts are setup to have fewer user rights on the system.An SQL injection vulnerability is included inside the newly discovered flaw, which has been given the identifier CVE-2023-35708. These kinds of vulnerabilities may serve as entry points to higher privileges, opening the door to the possibility of unauthorized access to the user environment. Progress came to the conclusion that the best course of action would be to temporarily halt HTTPs traffic for the MOVEit Cloud as an aggressive reaction to the unexpected vulnerability. “We urge each and every one of you who use MOVEit Transfer to immediately end all of your HTTP and HTTPS connections. “We are working diligently towards the completion of a remedial patch, and this preventative measure is essential to fortifying their environments in the interim while we are doing so,” a Progress spokesperson said.

Progress strongly recommends making a temporary adjustment to the firewall rules in the interim before the delivery of security updates for the affected versions of MOVEit Transfer. This effective countermeasure would include blocking HTTP and HTTPS connections to MOVEit Transfer on ports 80 and 443, respectively. As a direct result of this, user access via the web UI would be disrupted; nevertheless, file transfers would continue to work properly as a result of the continuous functioning of the SFTP and FTP/s protocols.

The ability to access MOVEit Transfer through the Windows server is still available to administrators, and they may do so by connecting remotely and browsing to the https://localhost/ address.

Only a week has passed after Progress disclosed an other set of SQL injection vulnerabilities that are being tracked under the name CVE-2023-35036, and now an exposure to possible cyber exploitation known as CVE-2023-35708 has emerged. According to reports, these vulnerabilities provide a significant opportunity for unauthorized users to access the content of the application’s database.

The renowned vulnerability CVE-2023-34362, which was used as a zero-day by the Clop ransomware syndicate in their data theft onslaughts, has been added to the list of vulnerabilities.

An investigation conducted experts for analyzing the attack surface of internet-connected devices, found that the financial services sector is home to approximately 31 percent of the more than 1,400 vulnerable hosts that are running MOVEit. The information technology industry comes in second with 9%, followed by the government and military sectors, which account for 8%, and the healthcare industry, which comes in third with 16%. The fact that over 80% of these servers are located in the United States is quite concerning and highlights the widespread reach of this vulnerability.

RECOMMENDATIONS:

In addition to the suggestions for corrective steps made by Progress, we suggest that the following activities be taken:

Turn off any and all traffic to your MOVEit Transfer environment that uses HTTP and HTTPS until a fix is made available.
On systems that are susceptible, immediately after doing proper testing, apply the necessary patches and workarounds that have been supplied by Progress.