Progress’ MOVEit File Transfer Service Vulnerability Being Actively Exploited
A vulnerability in Progress’ managed file-transfer service MOVEit is being actively exploited, prompting the American cybersecurity regulator CISA to call for patching as soon as possible.
MOVEit is a file transfer service designed to provide compliant exchange of sensitive data files. It can automate and manage complex workflows and provide insight into all file transfer activities in real time. The service also protects files in transit with protocols such as FTPS, HTTPS and SFTP, and offers data encryption at rest and during exchange.
Vulnerability with SQL Injection
The recently discovered vulnerability, CVE-2023-34362, allows hackers to penetrate a MOVEit Transfer instance using a specially crafted SQL injection. This gives them access to the database the instance uses, which may be MySQL, Microsoft SQL or Azure SQL. The attacker may be able to infer information about the structure and contents of the database. Both the on-prem and cloud versions of MOVEit are affected by the vulnerability.
Active Abuse and Patch Available
According to the American regulator CISA, the vulnerability is being actively abused, and US government agencies must patch it as soon as possible. Progress has released a security update for the vulnerability. In this update, the software supplier provides a step-by-step plan for resolving the vulnerability and a patch for the various versions of the file transfer service.
Organizations must take the necessary steps to protect their systems from the vulnerability. It is important to note that even one unpatched bug can lead to a cyber insurance claim. Therefore, it is essential to patch the vulnerability as soon as possible to ensure the security of sensitive data.
In conclusion, the vulnerability in Progress’ MOVEit file transfer service is being actively exploited and organizations must patch it as soon as possible. The software supplier has released a security update with a step-by-step plan for resolving the vulnerability and a patch for the various versions of the file transfer service. Organizations must take the necessary steps to protect their systems from the vulnerability to ensure the security of sensitive data.