Fortra’s Alert Logic is actively researching three Progress MOVEit Transfer vulnerabilities that allow attackers to breach systems.
CVE-2023-34362: This vulnerability is triggered by targeting the HTTP and HTTPS interfaces in the MOVEit Transfer environment via SQL Injection and MOVEit guest access.
CVE-2023-35036: This vulnerability involves multiple SQLi vulnerabilities that could result in modification and disclosure of MOVEit database content.
CVE-2023-35708: This SQLi vulnerability could result in modification and disclosure of MOVEit database content.
Who is affected?
Customers running MOVEit Transfer versions released before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), 2023.0.3 (15.0.3) are impacted.
What can I do?
Progress recommends disabling all HTTP/HTTPS traffic into your MOVEit Transfer environment. They have also released updates for impacted platforms.
How is Alert Logic helping me?
Alert Logic is actively researching this threat to build detection capabilities. Alert Logic appliances and infrastructure are not affected by this vulnerability.
Vulnerability Scanning: Alert Logic released scan coverage on June 2, 2023, to identify CVE-2023-34362, followed by scan coverage to identify CVE-2023-35036 on June 14. An authenticated scan performed after this release will check for the version of MOVEit. If a vulnerable version is found, an exposure will be raised for CVE-2023-34362 or CVE-2023-35036.
Log Management: Alert Logic has deployed and is actively monitoring log telemetry related to known IOCs.
Network IDS: Alert Logic is actively researching potential IDS signatures to detect exploit attempts for this vulnerability and aid in further detection.
WAF: Fortra's Managed WAF Advanced Signature Engine detects the offending HTTP SQL injection payload. The Advanced Signature Engine is available in v4 and v5 releases not older than Oct 4, 2021 (releases 184.108.40.206 and 220.127.116.11). Website security profiles using the Legacy Signature Engine should be configured to use Advanced Signature Engine.
In addition, a virtual patch that detects and blocks exploit attempts has been released. The patch is available both in the Emerging Threats Virtual Patch Group and in a MOVEit-specific Virtual Patch Group. Website security profiles configured to use Emerging Threat Virtual Patches will implement the protection automatically.
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available. To follow updates for this vulnerability, click FOLLOW at the top of this article. You must be signed into the Support Center using your Alert Logic product credentials to follow this article.
06/16/2023: Additional MOVEit vulnerabilities have been announced since the release of the article, and information about these new vulnerabilities has been added. Scan coverage for one of the additional vulnerabilties - CVE-2023-35036 - was released on June 14.
06/19/2023: Fortra Managed WAF detection was released via patch groups.