Introduction:
On June 22, 2023, a critical unauthenticated SQL injection (SQLi) flaw was reported in Progress MOVEit Transfer. The vulnerability, tracked as CVE-2023-36934, was discovered by Guy Lederfein of Trend Micro, working with the Zero Day Initiative. It poses a significant risk to affected systems. This post covers the details of the vulnerability, its impact, and the steps needed to protect your MOVEit Transfer deployment.
Comprehensive Look into CVE-2023-36934:
MOVEit Transfer web application versions released before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8) and 2023.0.4 (15.0.4) contain a SQL injection vulnerability. An unauthenticated attacker who submits a crafted payload to a MOVEit Transfer application endpoint could gain unauthorized access to the MOVEit Transfer database and, from there, modify or disclose its contents. The vulnerability carries a CVSS score of 9.8 (Critical) and poses a significant risk to affected systems.
Affected Endpoint:
The vulnerability is in the human.aspx endpoint of MOVEit Transfer. The endpoint uses a user-supplied string from the request to construct SQL queries without properly validating it, so a specially crafted request can run attacker-controlled SQL against the database. Exploiting this flaw enables an attacker to execute arbitrary code in the context of the moveitsvc user. MOVEit Transfer users should address this vulnerability promptly to prevent a breach.
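The flaw class the advisory describes, a user-supplied string spliced into a SQL statement without validation, is easy to see in miniature. The following is an added illustration written for this post, not MOVEit Transfer's code: the table, column and function names are hypothetical, the rows are constructed sample data, and it runs offline against an in-memory SQLite database. The vulnerable lookup and its parameterized replacement sit side by side:

```python
"""Illustrative SQL injection in the style the advisory describes.

Added example for this post, not MOVEit Transfer's code: the table, column and
function names are hypothetical and the rows are constructed sample data. It
runs offline against an in-memory SQLite database.
"""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for an application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, api_key TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.test", "key-alice-0001"),
            ("bob", "bob@example.test", "key-bob-0002"),
        ],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple]:
    """VULNERABLE: the request string is spliced into the statement text, so
    quotes and keywords inside it become SQL rather than data."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Tuple]:
    """HARDENED: a bound parameter; the driver passes the string as a value,
    so the statement's structure cannot change no matter what the caller sends."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed payloads: the first widens the WHERE clause to every row, the
    # second uses UNION to read a column (api_key) the query never exposed.
    for payload in ("bob", "' OR '1'='1", "' UNION SELECT username, api_key FROM users--"):
        print(f"{payload!r:50} vulnerable={lookup_vulnerable(db, payload)}")
        print(f"{'':50} safe      ={lookup_safe(db, payload)}")
```

With the payload `' OR '1'='1` the vulnerable function returns every row, and with the UNION payload it returns the api_key column that the original query never selected; the parameterized version returns nothing for either payload because the driver binds the string as a value, never as SQL. That is the general fix for this class of bug; how Progress patched human.aspx specifically is not described on this page.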
Proof-of-Concept and Exploit References:
At the time of writing there are no reported cases of CVE-2023-36934 being exploited in the wild, and no public proof-of-concept exploit has surfaced. Nevertheless, malicious actors can be expected to pursue the development of such exploits in the coming weeks and months. Progress therefore recommends that all MOVEit Transfer users apply the available patches promptly.
The following link provides a Nuclei template designed to help identify the critical SQL injection (SQLi) authentication bypass vulnerability in MOVEit Transfer:
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-36934.yaml?ref=blog.projectdiscovery.io
Effective Risk Remediation:
Progress Software has released updates for all supported major versions of MOVEit Transfer. Users should update to the fixed version for their branch promptly to minimize the risk associated with this vulnerability.
Affected Version | Fixed Version (Drop-In DLLs) | Documentation | Release Notes
MOVEit Transfer 2020.1.6 (12.1.6) or later | | Download the patch at the link in the Fixed Version column and see the readme.txt file in the zip file for instructions | 
MOVEit Transfer 2020.0.x (12.0.x) or older | Must upgrade to a supported version | N/A | 
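To triage an inventory of MOVEit Transfer hosts against the fixed releases listed above, here is an added helper written for this post (not Progress's tooling). It encodes the six fixed versions from the advisory and the rule that 2020.0.x (12.0.x) or older must be upgraded rather than patched; the observation that every listed pair satisfies internal major = year - 2008 is drawn from those pairs, and the host inventory at the bottom is constructed sample data. A branch newer than the advisory covers is reported as not-in-advisory rather than guessed at:

```python
"""Triage MOVEit Transfer versions against the CVE-2023-36934 fixed releases.

Added helper for this post, not Progress's tooling. The fixed versions and the
"2020.0.x (12.0.x) or older must upgrade" rule come from the advisory text
above; the inventory at the bottom is constructed sample data.
"""
import re
from typing import Dict, Optional, Tuple

# Internal (major, minor) branch -> first patch level that contains the fix.
FIXED_PATCH = {
    (12, 1): 11,  # 2020.1.11
    (13, 0): 9,   # 2021.0.9
    (13, 1): 7,   # 2021.1.7
    (14, 0): 7,   # 2022.0.7
    (14, 1): 8,   # 2022.1.8
    (15, 0): 4,   # 2023.0.4
}
# Progress prints each release two ways, e.g. 2021.1.7 (13.1.7). Every pair in
# the advisory satisfies internal_major == year - 2008, so that is how a
# marketing-style version is normalised here.
YEAR_OFFSET = 2008
OLDEST_PATCHABLE = (12, 1)  # 2020.1; anything older must be upgraded, not patched

VERSION_RE = re.compile(r"\s*(\d{2,4})\.(\d+)\.(\d+)(?:\s*\(\d+\.\d+\.\d+\))?\s*")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Accept '2021.1.6', '13.1.6' or '2021.1.6 (13.1.6)'; return internal form."""
    m = VERSION_RE.fullmatch(text)
    if not m:
        raise ValueError(f"unrecognised MOVEit Transfer version: {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    if major >= 2000:  # marketing form, convert to internal major
        major -= YEAR_OFFSET
    return major, minor, patch


def classify(text: str) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_version); status is 'patched', 'vulnerable',
    'unsupported' or 'not-in-advisory'."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch < OLDEST_PATCHABLE:
        return "unsupported", None
    if branch not in FIXED_PATCH:
        return "not-in-advisory", None  # newer branch; consult the vendor's current notice
    fixed = f"{major}.{minor}.{FIXED_PATCH[branch]}"
    if patch >= FIXED_PATCH[branch]:
        return "patched", fixed
    return "vulnerable", fixed


def triage(inventory: Dict[str, str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Classify every host in a {hostname: version} mapping."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "mft-01.example.test": "2021.1.6 (13.1.6)",
        "mft-02.example.test": "14.0.7",
        "mft-legacy.example.test": "2020.0.9",
    }
    for host, (status, fixed) in triage(sample).items():
        print(f"{host:28} {status:16} {'fix: ' + fixed if fixed else ''}")
```

The comparison is per branch, not global: 2020.1.12 is patched even though 2023.0.3 is not, because each branch has its own first fixed patch level. Hosts on 2020.0.x or older get no drop-in DLL and must be moved to a supported release before they can be considered remediated.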
Community News:
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023
Contributed by Sharanu Kalyan