New Vulnerabilities Similar to CVE-2023-34362 Identified in MOVEit Transfer and MOVEit Cloud

Share :

On 9 June 2023, Progress released a security advisory detailing newly discovered SQL injection vulnerabilities impacting the MOVEit Transfer web application and Cloud. The vulnerabilities are distinct from CVE-2023-34362, which was actively exploited by Clop Ransomware to exfiltrate data and extort compromised organisations. Although distinct, the vulnerabilities result in nearly identical unauthorised access where threat actors could modify or disclose MOVEit database content.  

All MOVEit Transfer versions are impacted by these vulnerabilities, including End-of-Life (EOL) versions under MOVEit Transfer (DMZ).  

NOTE: MOVEit Cloud is also impacted by these vulnerabilities; however, Progress has tested and deployed a patch to all MOVEit Cloud clusters to remediate them.  

For additional information surrounding CVE-2023-34362 and Arctic Wolf actions surrounding the vulnerability, refer to the Security Bulletins: 

Recommendations 

If your organisation has not applied security patches for CVE-2023-34362, we strongly recommend following the remediation guidance provided in the MOVEit Transfer Critical Vulnerability (May 2023) article here: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023  

If up to date, apply the patches outlined in the table below to remediate the newly discovered vulnerabilities.  

Recommendation: Apply the Latest Security Patches Released by Progress 

Progress has provided two methods to remediate the newly discovered vulnerabilities to minimise disruptions to operational environments.  

Applying the DLL drop-in could reduce operational interruptions to the application during an upgrade compared to a full installer.  

NOTE: To apply the DLL drop-in, your organisation must have the required listed version installed first. 

DLL Drop-in 
Affected Version  Fixed Version  Documentation 
MOVEit Transfer 2023.0.1   MOVEit Transfer 2023.0.2  See the README.txt file in the *.zip file  
MOVEit Transfer 2022.1.5  MOVEit Transfer 2022.1.6   See the README.txt file in the *.zip file  
MOVEit Transfer 2022.0.4  MOVEit Transfer 2022.0.5  
MOVEit Transfer 2021.14  MOVEit Transfer 2021.1.5   See the README.txt file in the *.zip file  
MOVEit Transfer 2021.0.6  MOVEit Transfer 2021.0.7  
MOVEit Transfer 2020.1.6 or later  MOVEit Transfer 2020.1.9   See the README.txt file in the *.zip file  
MOVEit Transfer 2020.0.x or older  MUST upgrade to a supported version  See MOVEit Transfer Upgrade and Migration Guide  

  

Full Installer 
Affected Version  Fixed Version  Documentation 
MOVEit Transfer 2023.0.x  MOVEit Transfer 2023.0.2   MOVEit 2023 Upgrade Documentation  
MOVEit Transfer 2022.1.x  MOVEit Transfer 2022.1.6   MOVEit 2022 Upgrade Documentation 
MOVEit Transfer 2022.0.x  MOVEit Transfer 2022.0.5  
MOVEit Transfer 2021.1.x  MOVEit Transfer 2021.1.5   MOVEit 2021 Upgrade Documentation  
MOVEit Transfer 2021.0.x  MOVEit Transfer 2021.0.7  
MOVEit Transfer 2020.1.x  Special Patch Available  See KB Vulnerability (May 2023) Fix for MOVEit Transfer 2020.1 (12.1) 
MOVEit Transfer 2020.0.x or older  MUST upgrade to a supported version   See MOVEit Transfer Upgrade and Migration Guide  
MOVEit Cloud 

Prod: 14.1.6.97 or 14.0.5.45  

Test: 15.0.2.39  

All MOVEit Cloud systems are fully patched at this time.  

Cloud Status Page  

 

Please follow your organisation’s patching and testing guidelines to avoid any operational impact. 

References 

Steven Campbell

Steven Campbell

Steven Campbell is a Senior Threat Intelligence Researcher at Arctic Wolf Labs and has more than eight years of experience in intelligence analysis and security research. He has a strong background in infrastructure analysis and adversary tradecraft.
Share :
Table of Contents
Categories