The MOVEit Transfer Vulnerability: What You Need to Know


In today’s digital landscape, the security of data transfers is essential. Enterprises globally rely on tools for their data transfer needs in both on-premises and cloud environments. But what happens when these trusted utilities expose vulnerabilities that could lead to escalated privileges and unauthorized access to the environment? The recent discovery of a significant vulnerability in MOVEit, a secure, managed file-transfer utility created by Progress Software, illustrates just how severe the consequences can be.

A Closer Look at CVE-2023-34362

In late May 2023, Progress disclosed a critical vulnerability (tracked as CVE-2023-34362) within the MOVEit Transfer web application. This SQL Injection vulnerability has the potential to allow an unauthenticated attacker to gain access to MOVEit Transfer’s database.

The exploitation of these unpatched systems can occur via HTTP or HTTPS. It should also be noted that the vulnerability has been actively exploited in the wild since May 2023 and is essentially a zero-day exploit. This means that attackers began exploiting the vulnerability before Progress could even release a patch.

The Impact: Ransomware Attacks by the Cl0p Group

The severity of this MOVEit vulnerability was not lost on cybercriminals. Cl0p, the notorious ransomware group, leveraged it in a global ransom campaign that affected various organizations worldwide. Some of the more notable victims include British communications regulator Ofcom, the University of Manchester, the Illinois Department of Innovation & Technology and the Minnesota Department of Education.

CISA Advisory and Mitigation Steps

In response to this critical situation, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert, urging users and organizations to review the MOVEit Transfer Advisory and then take steps to follow the mitigation advice. This includes applying the necessary updates and hunting for any malicious activity in their environments.

Protection Against the Vulnerability

Radware provides signatures to detect and block MOVEit exploits through its Security Update Service (SUS). The following two signatures are specifically designed to protect against the vulnerabilities associated with CVE-2023-34362:

  • Signature “HTTP-MOVEIT-WEBSHELL-HUM-RCE (RWID 21086)” is designed to protect against the Remote Code Execution vulnerability in MOVEit’s web shell.
  • Signature “HTTP-MOVEIT-SPIDLL-ATTE-SQLi (RWID 21088)” is specifically developed to protect against the SQL injection vulnerability in MOVEit.
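The CISA guidance above asks operators to hunt for malicious activity, and the two signature names show the two behaviours worth hunting for: SQL-injection-style requests and requests to a web shell dropped on the server. The script below is an added illustration of what such a hunt can look like on a web server's own access logs; it is not Radware's signature logic, not Progress code, and not a substitute for the vendor patch. The IIS log lines, the `/login.aspx` and `/files.aspx` baseline entries and the `/EXAMPLE_UNKNOWN.aspx` name are all constructed for this example; a real baseline would be generated from a known-clean MOVEit install.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C log excerpt (hypothetical hosts, paths and clients).
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2023-06-01 10:00:01 10.0.0.5 GET /index.html - 443 - 203.0.113.10 Mozilla/5.0 200
2023-06-01 10:00:07 10.0.0.5 POST /api/v1/token - 443 - 203.0.113.10 Mozilla/5.0 200
2023-06-01 10:01:15 10.0.0.5 GET /login.aspx - 443 - 198.51.100.7 Mozilla/5.0 200
2023-06-01 10:02:33 10.0.0.5 GET /login.aspx user=admin%27+OR+1%3D1-- 443 - 198.51.100.7 curl/8.0 500
2023-06-01 10:03:41 10.0.0.5 POST /EXAMPLE_UNKNOWN.aspx - 443 - 198.51.100.7 python-requests/2.31 200
2023-06-01 10:04:02 10.0.0.5 GET /files.aspx id=5 443 - 203.0.113.10 Mozilla/5.0 200
"""

# Hypothetical baseline of .aspx pages that legitimately exist in the web root.
# In practice, build this from a clean install or the vendor's file manifest.
KNOWN_ASPX = {"/login.aspx", "/files.aspx"}

FIELDS = ["date", "time", "s_ip", "method", "uri_stem", "uri_query",
          "port", "user", "c_ip", "agent", "status"]

# Heuristic SQL-injection indicators, matched against the URL-decoded,
# lower-cased query string. Heuristics like these trade precision for recall;
# treat hits as leads for review, not as proof of compromise.
SQLI_PATTERNS = [
    re.compile(r'''['"]\s*(or|and)\s+['"]?\w+['"]?\s*=\s*['"]?\w+'''),  # ' OR 1=1
    re.compile(r"union\s+(all\s+)?select"),                             # UNION SELECT
    re.compile(r";\s*(drop|insert|update|delete|exec)\b"),             # stacked statement
    re.compile(r"--\s*$|/\*.*\*/"),                                     # SQL comment tails
]


def parse_line(line):
    """Split one W3C log line into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def looks_like_sqli(query):
    """True if the decoded query string matches any SQL-injection heuristic."""
    if query == "-":          # IIS writes '-' when there is no query string
        return False
    decoded = unquote_plus(query).lower()
    return any(p.search(decoded) for p in SQLI_PATTERNS)


def hunt(log_text, known_aspx):
    """Return a list of findings: unknown .aspx requests and SQLi-like queries."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        if not raw or raw.startswith("#"):   # skip blank and header lines
            continue
        rec = parse_line(raw)
        if rec is None:
            continue
        stem = rec["uri_stem"].lower()
        # A request for an .aspx page that was never part of the product is the
        # classic footprint of a dropped web shell being used.
        if stem.endswith(".aspx") and stem not in known_aspx:
            findings.append({"line": n, "client": rec["c_ip"],
                             "reason": "request to .aspx page not in baseline",
                             "uri": rec["uri_stem"]})
        if looks_like_sqli(rec["uri_query"]):
            findings.append({"line": n, "client": rec["c_ip"],
                             "reason": "SQL-injection-like query string",
                             "uri": rec["uri_stem"]})
    return findings


def summarize(findings):
    """Count findings per client IP so repeat offenders stand out."""
    counts = {}
    for f in findings:
        counts[f["client"]] = counts.get(f["client"], 0) + 1
    return counts


if __name__ == "__main__":
    results = hunt(SAMPLE_LOG, KNOWN_ASPX)
    for f in results:
        print(f"line {f['line']}: {f['client']} {f['uri']} -> {f['reason']}")
    print("per-client:", summarize(results))
```

Run against the constructed sample, the script flags the SQL-injection-style query on line 5 and the request to the unknown `.aspx` page on line 6, both from the same client. The useful property of this pairing is that it covers both stages the signatures above target: the injection attempt itself and the later use of whatever was planted. Pair it with a file-system comparison of the web root against the same baseline, since a dropped page that has not yet been requested will not appear in access logs.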

The MOVEit vulnerability CVE-2023-34362 is a critical reminder of the paramount importance of robust cybersecurity measures in today’s interconnected digital world. While software providers must ensure that their products are secure, it’s equally essential for users and organizations to stay vigilant, update their systems promptly and leverage available protection tools to safeguard against potential attacks.

Radware