The National Cyber Security Center has issued a warning about a vulnerability in MOVEit Transfer, a business file sharing tool. According to the NCSC, the risk of abuse and the possible impact are high.
It concerns an SQLinjection vulnerability that contains the CVS CVE-2023-34362 has been assigned. The vulnerability could allow an unauthorized attacker to access the database of a MOVEit Transfer server, said Progress, the developer of the tool. Malicious parties can then according to the NCSC view users’ systems and data stored therein. The vulnerability could also be used to gain administrative rights on the affected system.
The NCSC says it has ‘indications’ that the vulnerability is being actively exploited. Previously did Security company Rapid7 has already reported the vulnerability. That company claims that as of May 31, at least 2,500 MOVEit Transfer servers were already accessible from the public Internet. It is unclear how long the vulnerability has been exploited. In the Netherlands according to cybersecurity company Censys, 134 MoveIT servers are used.
The developer of the tool, Progress, has now made security updates available that close the vulnerability. The NCSC advises users to download it as soon as possible. The cybersecurity organization has also published Indicators of Compromise that allow users to find out whether an unauthorized person has gained access to their systems. Also the US and German authorities recommend organizations that use the tool to get the updates as soon as possible.
