Making sense of the MOVEit vulnerability

Jun 2023

A critical flaw in the MOVEit Transfer tool has set off a firestorm in the cybersecurity community as defenders race to patch while Russia-linked attackers continue to exploit the zero-day SQL injection vulnerability.

With MOVEit making waves, it’s worth stepping back to examine how this critical vulnerability led to compromises at so many high-profile organizations, and how Synack stands ready to help calm the waters and protect our customers.

SQL injection strikes again

The high-risk vulnerability in Progress Software’s MOVEit Transfer product, tracked as CVE-2023-34362, clocked in at a “critical” 9.8 base score in the National Vulnerability Database after it came to light late last month. Because it is a SQL injection flaw, an attacker could leverage it to access, alter or delete sensitive information, depending on the type of database the victim was using.
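To make the SQL injection class concrete, here is an added example (not code from the original post, and not MOVEit Transfer’s code) showing the general defect beside its fix. The table, column names and the owner-scoped file listing are constructed for illustration; the point is that building a query by string formatting lets input change the query’s logic, while a parameterized query keeps input as data. The same pattern is what a code reviewer or CVE check looks for.

```python
import sqlite3


def make_db():
    """Constructed sample database: a file-transfer style table keyed by owner."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (id INTEGER PRIMARY KEY, owner TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO files (owner, name) VALUES (?, ?)",
        [("alice", "q2-report.xlsx"), ("bob", "payroll.csv"), ("carol", "contracts.zip")],
    )
    return conn


def list_files_unsafe(conn, owner):
    """Vulnerable form: the caller's value is spliced into the SQL text.

    A value such as  x' OR '1'='1  rewrites the WHERE clause so the
    owner check no longer restricts anything, exposing every row.
    """
    query = f"SELECT name FROM files WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(query)]


def list_files_safe(conn, owner):
    """Hardened form: the value travels as a bound parameter, never as SQL.

    The database compares the literal string, quotes and all, against the
    owner column, so the same input simply matches nothing.
    """
    query = "SELECT name FROM files WHERE owner = ?"
    return [row[0] for row in conn.execute(query, (owner,))]


def compare(owner):
    """Return (unsafe_result, safe_result) for one input, on a fresh database."""
    conn = make_db()
    return list_files_unsafe(conn, owner), list_files_safe(conn, owner)


if __name__ == "__main__":
    # Benign input: both versions behave identically.
    print(compare("alice"))
    # Hostile input: only the string-built query leaks other owners' files.
    print(compare("x' OR '1'='1"))
```

Run as a script, the first call prints the same single file for both functions; the second shows the string-built query returning all three rows while the parameterized one returns an empty list. Detecting this in a code base comes down to finding queries assembled with formatting or concatenation from request data; fixing it means binding every such value as a parameter, which is the mitigation class Progress Software’s patches fall into.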

The Russian-speaking CL0P ransomware gang began exploiting the zero-day on May 27, according to the Cybersecurity and Infrastructure Security Agency. But rather than encrypt sensitive files and demand payment to unlock them, the CL0P extortionists have threatened to leak the stolen files publicly unless a ransom is paid. The group gave a June 14 deadline for victim organizations to start negotiations.

Luckily, Progress Software has issued mitigations for the vulnerability, which affects all versions of its MOVEit Transfer file sharing tool. Unfortunately, the product’s widespread use has meant the vulnerability has affected organizations in the oil and gas, aviation, education and government sectors worldwide, among others, according to various news reports.

What’s next for MOVEit

The Cybersecurity and Infrastructure Security Agency added the initial MOVEit Transfer flaw to its Known Exploited Vulnerabilities Catalog on June 2, meaning U.S. federal agencies are required to find and fix it.

Since then, researchers with Progress Software have uncovered other previously unknown SQL flaws in MOVEit Transfer software, including a new SQLi zero-day today “that could lead to escalated privileges and potential unauthorized access.” The company continues to issue updated guidance and patches.

At Synack, we’ve added CVE-2023-34362 to our Synack Catalog, meaning that our customers can run CVE checks to test their environments for signs of the flaw and validate that they’ve fixed it.

Members of our elite Synack Red Team of cybersecurity researchers bring a unique adversarial perspective to all pentesting engagements. They’re no strangers to rapid-response vulnerability testing, having checked over 2 million IPs for the Log4j flaw after that blockbuster vulnerability came to light in late 2021.

Like Log4j before it, the emergence of the MOVEit flaw highlights how important it is for organizations to continuously check their environments for vulnerabilities. To learn more about how Synack can help protect against MOVEit (and other SQL injection flaws like it), schedule a demo here.