CyberSecurity SEE

Progress Software Discloses Third Vulnerability in MOVEit Transfer

Progress Software has disclosed yet another vulnerability in its MOVEit Transfer application, the third the company has reported in the product since the end of May. The latest flaw, tracked as CVE-2023-35708, follows the two earlier ones, CVE-2023-34362 and CVE-2023-35036. All three are SQL injection vulnerabilities that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.

The details of the vulnerability were outlined in an advisory Progress Software released on June 15. It is a SQL injection flaw: when an application splices untrusted input into a database query without proper handling, the input is interpreted as part of the query itself, letting an attacker read or change data they should never be able to reach. In this case, an attacker who submits a crafted payload to a MOVEit Transfer application endpoint could modify and disclose the contents of the MOVEit database. Progress Software is urging MOVEit Transfer customers to take immediate action to harden their environments and protect against potential attacks.
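To make the SQL injection mechanism concrete, here is an added illustration that is not MOVEit code and is unrelated to the actual CVE-2023-35708 endpoint: a toy SQLite-backed user table, with a lookup and a write path built by string concatenation beside their parameterized equivalents. The schema, the sample users and the function names are all constructed for this example.

```python
import sqlite3

# Constructed sample data; not MOVEit's schema, tables or code.
SAMPLE_USERS = [("alice", "user"), ("bob", "user"), ("admin", "admin")]


def make_db():
    """Create an in-memory database holding the constructed user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT, active INTEGER DEFAULT 1)"
    )
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Disclosure: the caller's string is spliced into the SQL text, so quote
    characters in it change the query's structure instead of its data."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def deactivate_user_vulnerable(conn, username):
    """Modification: the same flaw on a write path. Returns rows changed."""
    sql = "UPDATE users SET active = 0 WHERE username = '" + username + "'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def find_user_safe(conn, username):
    """Parameterized query: the driver binds the value separately from the
    SQL text, so it can never be parsed as SQL syntax."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def deactivate_user_safe(conn, username):
    """Parameterized write path. Returns rows changed."""
    cur = conn.execute("UPDATE users SET active = 0 WHERE username = ?", (username,))
    conn.commit()
    return cur.rowcount


# A classic tautology payload: it closes the open quote and ORs in a clause
# that is true for every row.
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Vulnerable read: WHERE username = '' OR '1'='1' matches every row.
    print(find_user_vulnerable(db, PAYLOAD))
    # Safe read: no user is literally named "' OR '1'='1", so nothing matches.
    print(find_user_safe(db, PAYLOAD))
    # Vulnerable write: the whole table is deactivated by one request.
    print(deactivate_user_vulnerable(db, PAYLOAD))
    # Safe write on a fresh table: zero rows touched.
    print(deactivate_user_safe(make_db(), PAYLOAD))
```

The contrast is the whole lesson: the safe functions send the same payload, but as a bound parameter it is compared as a literal string and affects zero rows, while the concatenated versions let one crafted value both read every row and modify every row.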

In a press statement, Progress Software stated, “As we continue to investigate the issue related to MOVEit Cloud and MOVEit Transfer that we previously reported, an independent source has disclosed a new vulnerability that could be exploited by a bad actor.” The statement confirms that the newest flaw was reported to the company from outside rather than found by its own ongoing investigation, and that the company is still actively working to address these vulnerabilities and protect its customers.

The disclosure of this latest vulnerability comes shortly after the Cybersecurity and Infrastructure Security Agency (CISA) revealed that federal agencies were hit by the Cl0p ransomware gang’s exploitation of MOVEit Transfer. That ongoing campaign abused the first of the three flaws, CVE-2023-34362, as a zero-day before a fix existed; the bug has since been patched. Eric Goldstein, CISA’s executive assistant director for cybersecurity, stated that CISA is providing support to several federal agencies affected by intrusions targeting their MOVEit applications. Two Department of Energy victims have already been identified: Oak Ridge Associated Universities and the Waste Isolation Pilot Plant.

These cyberattacks, which exploit vulnerabilities in the MOVEit Transfer software, have affected not only numerous government agencies but also a wide range of companies and organizations. The consequences include stolen data, disrupted systems and, in some cases, ransom demands. The number of victims is expected to be substantial and could reach into the hundreds.

Although there is so far no evidence of threat actors exploiting the newly disclosed vulnerability, Progress Software is actively working with MOVEit customers to secure their environments. By communicating with customers and helping them apply the necessary measures, the company aims to prevent the vulnerability from being exploited.

As the cybersecurity landscape continues to evolve, it’s crucial for organizations to remain vigilant and take proactive measures to safeguard their systems and data. Addressing vulnerabilities promptly, implementing strong security practices, and staying informed about emerging threats are essential steps in mitigating the risk of cyberattacks.
