
MOVEit Transfer Vulnerability Allows Attacker to Gain Unauthorized Access through SQL Injection


Three vulnerabilities have been disclosed in MOVEit Transfer and are addressed in its latest service pack: two SQL injection flaws and one reflected cross-site scripting (XSS) flaw. Their severity ranges from Medium to High.

MOVEit Transfer, owned by Progress, has been targeted by threat actors in a ransomware campaign that affected several organizations. Organizations that have reported being affected by MOVEit vulnerabilities include Shell, the BBC, British Airways, CalPERS, Honeywell, and US government agencies.

The first, CVE-2023-42660, is a SQL injection vulnerability in the MOVEit Transfer machine interface that could allow unauthorized access to the MOVEit Transfer database. A threat actor would exploit it by submitting a crafted payload to the machine interface; if successful, the attack could result in modification and disclosure of MOVEit database content. Note that the threat actor would need to be authenticated to exploit this vulnerability. Its severity is rated High (8.8).

The second, CVE-2023-40043, is a SQL injection vulnerability in the MOVEit Transfer web interface that could likewise lead to unauthorized access to the MOVEit Transfer database. A threat actor would exploit it by submitting a crafted payload to the web interface; if successful, the attack could result in modification and disclosure of MOVEit database content. Exploiting this vulnerability requires access to a MOVEit system administrator account. Its severity is rated High (7.2).
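Both SQL injection flaws above share the same root cause: a value supplied by an authenticated user reaches the database as part of the query text rather than as bound data. The following added example (illustrative code written for this page, not MOVEit Transfer's code; the `files` table, its rows and the test input are constructed) shows the defect class beside its standard fix, parameterized queries, using SQLite so it runs offline.

```python
"""Added example: SQL injection in an authenticated lookup, vulnerable and
hardened forms side by side. Illustrative code, not MOVEit Transfer's code;
the table, columns and test input are constructed for this demonstration."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data standing in for a file-transfer application's
    # database; nothing here comes from the real product.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (id INTEGER, owner TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO files VALUES (?, ?, ?)",
        [(1, "alice", "q3-report.pdf"),
         (2, "bob", "payroll.xlsx"),
         (3, "alice", "notes.txt")],
    )
    return conn


def list_files_vulnerable(conn: sqlite3.Connection, owner: str) -> list:
    # The user-supplied value is spliced into the SQL text. A crafted value
    # changes the query's meaning, which is exactly what an SQL injection is:
    # the database parses attacker-controlled syntax, so an authenticated
    # user who should see only their own rows can read or modify others.
    sql = f"SELECT name FROM files WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(sql)]


def list_files_hardened(conn: sqlite3.Connection, owner: str) -> list:
    # Parameter binding keeps the value as data. The same crafted value is
    # compared literally against the owner column and matches nothing.
    rows = conn.execute("SELECT name FROM files WHERE owner = ?", (owner,))
    return [row[0] for row in rows]


# Constructed test input: a tautology appended to an otherwise valid owner name.
PAYLOAD = "alice' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", list_files_vulnerable(db, PAYLOAD))
    print("hardened:  ", list_files_hardened(db, PAYLOAD))
```

Run as a script, the vulnerable function returns every row in the table for the crafted input, while the hardened function returns none; for a well-formed owner name both return the same rows. The practical check for a code base is therefore mechanical: any query built with string formatting or concatenation from request data is a candidate for this bug class, regardless of whether the caller is authenticated.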

The third, CVE-2023-42656, is a reflected XSS vulnerability in the MOVEit Transfer web interface. It can be triggered by a malicious payload supplied during the package composition procedure: a threat actor could craft such a payload and target MOVEit Transfer users, and when a user interacts with it, the user's browser could execute attacker-supplied JavaScript. Its severity is rated Medium (6.1).
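A reflected XSS flaw of this kind arises when a value from the request is written back into the page without output encoding. The following added example (illustrative code written for this page, not MOVEit Transfer's code; the form field name and the test input are constructed) renders a form field the vulnerable way and the hardened way, and includes a small check that distinguishes a live `<script` element from its encoded form.

```python
"""Added example: reflected XSS in a page that echoes a request parameter,
beside the output-encoding fix. Illustrative code, not MOVEit Transfer's code;
the 'subject' field and the test input are constructed for this demonstration."""
import html
import re

# Matches a real <script start tag; the encoded form '&lt;script' does not match.
SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def render_vulnerable(subject: str) -> str:
    # The reflected parameter is inserted into the HTML verbatim, so markup in
    # it becomes part of the page and runs in the viewing user's browser.
    return f'<input name="subject" value="{subject}">'


def render_hardened(subject: str) -> str:
    # html.escape with quote=True encodes <, >, &, " and ', so the value can
    # neither close the attribute nor open a tag: it is displayed, not parsed.
    return f'<input name="subject" value="{html.escape(subject, quote=True)}">'


def contains_live_script(page: str) -> bool:
    # Used here only to make the difference observable: does the rendered
    # page contain a script start tag that a browser would execute?
    return SCRIPT_TAG.search(page) is not None


# Constructed test input: closes the attribute and the tag, then injects a script.
PAYLOAD = '"><script>alert(1)</script>'


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        page = render(PAYLOAD)
        print(f"{label}: live script = {contains_live_script(page)}")
        print("  ", page)
```

The hardened output keeps the user's text intact on screen (the browser decodes `&lt;` back to `<` for display) while never letting it reach the HTML parser as markup. Encoding must match the context the value lands in; the attribute context shown here needs quote escaping, and a value placed inside a `<script>` block or a URL would need different encoding.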

To address these vulnerabilities, users are strongly recommended to upgrade to the September Service Pack, which fixes all three. Additionally, users are advised to limit sysadmin account access to further reduce the risk from these vulnerabilities.

Progress has released a security advisory that includes a comprehensive list of affected products, as well as detailed information about the identified vulnerabilities. Users are encouraged to review this advisory and take appropriate actions to secure their systems.

It is crucial for organizations to stay informed about the latest cybersecurity news and updates. By following reliable sources such as Google News, LinkedIn, Twitter, and Facebook, organizations can stay up to date with the latest developments and take the necessary measures to protect their systems and data.
