In May 2023, a critical vulnerability identified as CVE-2023-34362 was discovered in MOVEit Transfer, a managed file transfer software developed by Progress Software. This SQL injection flaw allowed unauthorized access to the MOVEit Transfer database, enabling attackers to execute SQL statements that could alter, delete, or infer information about the database’s structure and contents.
POC:
GitHub – Malwareman007/CVE-2023-34362: POC for CVE-2023-34362 affecting MOVEit Transfer
GitHub – errorfiathck/MOVEit-Exploit: an exploit of POC for CVE-2023-34362 affecting MOVEit Transfer
Details of the Vulnerability
The vulnerability resided in the web application of MOVEit Transfer, where improper input validation permitted SQL injection attacks. Exploiting this flaw, attackers could gain unauthorized access to the database, potentially leading to data theft, unauthorized data manipulation, and further exploitation of the affected systems.
Public Exploits and Widespread Impact
The Russian-affiliated cyber gang Cl0p exploited this vulnerability, leading to a series of cyberattacks and data breaches beginning in June 2023. Thousands of organizations and almost 100 million individuals were affected, with notable victims including the BBC, British Airways, Boots, Aer Lingus, and payroll service Zellis. The attackers utilized a custom web shell known as LemurLoot, disguised as legitimate ASP.NET files, to steal data from compromised systems.
Mitigation Steps
To protect systems from this vulnerability:
- Apply Security Patches: Progress Software released patches addressing this vulnerability. Organizations using MOVEit Transfer should immediately apply these updates to mitigate the risk. en.wikipedia.org
- Restrict Network Access: Implement firewall rules to limit access to the MOVEit Transfer web interface, allowing only trusted IP addresses to connect.
- Monitor for Indicators of Compromise (IoCs): Regularly review logs and network traffic for signs of unauthorized access or data exfiltration associated with the LemurLoot web shell.
- Conduct Security Audits: Perform comprehensive security assessments to identify and remediate potential vulnerabilities within your organization’s infrastructure.
Conclusion
The MOVEit Transfer vulnerability (CVE-2023-34362) highlights the critical importance of promptly addressing security flaws in widely used software. Organizations must remain vigilant, apply necessary patches, and implement robust security measures to safeguard against such significant threats.
