Brand-New Security Bugs Affect All MOVEit Transfer Versions

Published: 23/11/2024   Category: security


Progress has issued a second patch for additional SQL flaws that are distinct from the zero-day that the Cl0p ransomware gang is exploiting.



Just days after Progress Software patched a widely exploited zero-day vulnerability in its MOVEit Transfer app, the company has issued a second patch to address additional SQL Injection vulnerabilities in it that a security vendor uncovered during a code review this week.
The vulnerabilities are present in all MOVEit Transfer versions and could allow an unauthenticated attacker to gain access to the MOVEit Transfer database and to modify or steal data in it. The new flaws have not been assigned a CVE yet but will get one soon.
"The investigation is ongoing, but currently, we have not seen indications that these newly discovered vulnerabilities have been exploited," Progress said.
In a June 9 advisory, Progress urged customers to install the new patch immediately, citing the potential for threat actors to exploit the flaws in more attacks. "These newly discovered vulnerabilities are distinct from the previously reported vulnerability shared on May 31, 2023," Progress said. "All MOVEit Transfer customers must apply the new patch, released on June 9, 2023."
Progress described Huntress as discovering the vulnerabilities as part of a code review.
Progress Software's new patch comes amid reports of the Cl0p ransomware group widely exploiting a separate, zero-day flaw (CVE-2023-34362) in MOVEit Transfer. The threat group discovered the flaw about two years ago and has been exploiting it to steal data from thousands of organizations worldwide. Known victims include the BBC, British Airways, and the government of Nova Scotia. The US Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations of the potential for widespread impact going forward.
Researchers from Huntress discovered the vulnerabilities during their analysis of the MOVEit Transfer app. They had earlier provided a detailed analysis of how Cl0p threat actors had exploited the vulnerability in its worldwide extortion campaign.
"Huntress uncovered different attack vectors following our proof-of-concept recreation of the original exploit, and evaluating the effectiveness of the first patch," a Huntress spokesperson says. "These are distinct flaws not addressed in the initial patch, and we responsibly disclosed these to the Progress team, encouraging this secondary patch release."
Currently, Huntress has not observed any new exploitation surrounding this new CVE, he adds — though that could quickly change.
According to Progress, organizations that have already applied the company's patch for the original zero-day bug from May 31, 2023, can straight away apply the patch for new vulnerabilities as outlined in its remediation advice. Organizations that have not yet patched against the first flaw should instead follow alternate remediation and patching steps that Progress has outlined.
Progress has automatically patched MOVEit Cloud with the latest update as well, but we encourage customers to review their audit logs for signs of unexpected or unusual file downloads, and continue to review access logs and systems logging, together with our systems protection software logs.
