Rewterz Threat Advisory – Apple Responds To Zero-Day Vulnerability Being Exploited
July 11, 2023Rewterz Threat Alert – DarkCrystal RAT (DCRat) – Active IOCs
July 11, 2023Rewterz Threat Advisory – Apple Responds To Zero-Day Vulnerability Being Exploited
July 11, 2023Rewterz Threat Alert – DarkCrystal RAT (DCRat) – Active IOCs
July 11, 2023Severity
High
Analysis Summary
Progress Software has recently announced a significant security development regarding their widely used secure file transfer software, MOVEit Transfer. The company has successfully identified and patched a critical SQL injection vulnerability, specifically tagged as CVE-2023-36934. This vulnerability represents a severe security flaw that has the potential to grant unauthorized access to the MOVEit Transfer database, even for unauthenticated attackers.
SQL injection vulnerabilities are well-known and highly dangerous, as they enable attackers to manipulate databases and execute arbitrary code. By exploiting this particular vulnerability, attackers can send specially crafted payloads to specific endpoints within the affected application, thus altering or exposing sensitive data stored within the database. What makes CVE-2023-36934 particularly critical is the fact that it can be exploited without requiring valid login credentials. In other words, even attackers without proper authentication can potentially take advantage of this vulnerability. It is important to note, however, that no reports have surfaced indicating active exploitation of this specific vulnerability thus far.
This discovery comes in the wake of a series of recent cyberattacks that targeted MOVEit Transfer by leveraging a different SQL injection vulnerability, known as CVE-2023-34362, in conjunction with the Clop ransomware. These attacks resulted in data theft and extortion, causing significant financial and reputational damage to the affected organizations.
Furthermore, Progress Software has also addressed two additional high-severity vulnerabilities as part of their latest security update. The first vulnerability, CVE-2023-36932, is another SQL injection flaw that can be exploited by attackers who are already logged in, allowing them to gain unauthorized access to the MOVEit Transfer database. The second vulnerability, CVE-2023-36933, permits attackers to unexpectedly shut down the MOVEit Transfer program, causing disruption and potential data loss.
The discovery of these vulnerabilities and subsequent patches were made possible through responsible reporting by security researchers. It is worth noting that these vulnerabilities impact multiple versions of MOVEit Transfer, including 12.1.10 and previous versions, 13.0.8 and earlier, 13.1.6 and earlier, 14.0.6 and older, 14.1.7 and older, and 15.0.3 and earlier.
To mitigate the risks associated with these vulnerabilities, Progress Software has made the necessary updates available for all major versions of MOVEit Transfer. Users are strongly advised to promptly update to the latest version to ensure the security and integrity of their file transfer operations and safeguard their sensitive data from potential unauthorized access and unexpected program shutdowns.
Impact
- Data Manipulation
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-36934
- CVE-2023-34362
- CVE-2023-36932
- CVE-2023-36933
Affected Vendors
MOVEit
Affected Products
- Progress MOVEit Transfer 12.1.10
- Progress MOVEit Transfer 13.0.8
- Progress MOVEit Transfer 13.1.6
- Progress MOVEit Transfer 14.0.6
- Progress MOVEit Transfer 14.1.7
- Progress MOVEit Transfer 15.0.3
Remediation
- Refer to Progress Community Web site for patch, upgrade or suggested workaround information.
- Regularly perform comprehensive vulnerability scans and penetration testing to identify and address any potential weaknesses in the system.
- Implement strict input validation and sanitization techniques to prevent SQL injection attacks, ensuring that user-supplied data is properly validated and sanitized before being processed.
- Enforce strong authentication mechanisms such as multi-factor authentication (MFA) to add an extra layer of security and protect against unauthorized access.
- Implement robust logging and monitoring systems to track and analyze system activity, enabling the detection of any suspicious or malicious behavior.
- Provide regular training and awareness programs to educate users and administrators about the risks associated with SQL injection vulnerabilities and best practices for secure coding and application development.
- Establish a responsible disclosure policy and promptly address any reported vulnerabilities or security concerns in collaboration with the software vendor.
- Regularly review and update security configurations and policies to align with industry best practices and ensure the ongoing protection of sensitive data.
- Implement intrusion detection and prevention systems (IDPS) to detect and block SQL injection attempts in real-time.
- Consider engaging the services of a reputable cybersecurity firm to conduct regular security assessments and audits to identify and mitigate potential risks and vulnerabilities