
Latest MOVEit Bug Is Another Critical SQL Injection Flaw

Progress Software Reveals 1 New 'Critical' and 2 'High-Severity' Bugs

For the third time since the discovery of the MOVEit Transfer application zero-day vulnerability, Progress Software has revealed a new critical SQL injection vulnerability affecting its managed file transfer web application. The company also revealed two high-severity bugs.


Critical Bug - CVE-2023-36934

The critically rated bug, tracked as CVE-2023-36934, has a CVSS score of 9.8. It allows remote attackers to bypass authentication on affected systems and execute arbitrary code, said Progress Software in a security advisory.

The vulnerability exists within the human.aspx endpoint. It could allow an attacker to send a crafted request and trigger the execution of SQL queries composed from a user-supplied string. The attacker can then leverage this vulnerability to execute code in the context of the moveitsvc user.

Progress Software first reported the MOVEit vulnerability and released an initial patch for the zero-day flaw on May 31. Two weeks later, the company discovered an SQL injection flaw in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database (see: MOVEit Discloses More Vulnerabilities, Issues Patch).

The latest vulnerability shares commonalities with the first flaw, CVE-2023-34362, which has been actively exploited over the past month by the Clop ransomware group to exfiltrate data from hundreds of victim organizations for extortion (see: Extortion Group Clop's MOVEit Attacks Hit Over 130 Victims).

Like that flaw, the CVE-2023-36934 vulnerability provides unauthorized access and could result in modification and disclosure of MOVEit database content.

The company attributed the discovery of the vulnerability to Guy Lederfein of Trend Micro, who worked with the Zero Day Initiative to find the bug.

High-Severity Bugs - CVE-2023-36932 and CVE-2023-36933

Progress Software also revealed details of a high-severity, denial-of-service bug tracked as CVE-2023-36933 in its MOVEit Transfer application. The vulnerability allows attackers to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly and enter a DoS condition.

The flaw's discovery has been attributed to responsible disclosure on the HackerOne platform by a user named James Horseman. Progress said the three vulnerabilities have been fixed.

The second high-severity bug is CVE-2023-36932. It can be exploited by an unauthenticated attacker to gain access to the MOVEit Transfer database and is similar to CVE-2023-36934.

Progress Software did not immediately respond to Information Security Media Group's request for additional details on why those vulnerabilities have been rated differently if their impact is the same.

Patching

Before applying the latest patch update, the company said affected customers who have not yet done so need to apply the patch to address the original zero day.

At the moment, no instances of exploitation in the wild and no public proof-of-concept exploits are known for any of the three latest vulnerabilities.


About the Author

Mihir Bagwe


Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.



