On May 31, 2023, Progress Software disclosed a critical vulnerability in MOVEit Transfer, its web application for transferring files. Exploitation can lead to the deployment of a web shell and exfiltration of data. The vulnerability affects all versions of the software and is under active exploitation. As of this publication, it has not been assigned a CVE number.
An unauthenticated remote attacker could escalate privileges and gain unauthorized access via the MOVEit Transfer database. A post-exploitation web shell (human2.aspx) was first uploaded to the VirusTotal analysis service on May 28, which suggests the campaign has been active since at least that date. The observed web shells appear to contain a unique password for each victim, so every sample hashes differently, reducing the value of file hash-based detections.
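Since the web shell's file name is the stable indicator given above, a name-based check on web server logs complements hash-based detection. The following is an added example, not code from Progress Software or Secureworks: it scans IIS W3C-format log lines for requests to human2.aspx. The log format, the function name and the sample log lines are assumptions constructed for illustration.

```python
import posixpath

# File name of the post-exploitation web shell named in this advisory.
WEBSHELL_NAME = "human2.aspx"

def find_webshell_requests(log_lines, name=WEBSHELL_NAME):
    """Return requests in IIS W3C log lines whose URI stem ends in `name`.

    Column positions are read from each '#Fields:' directive, so the scan
    keeps working when the logged field set changes mid-file.
    """
    fields = []
    hits = []
    for raw in log_lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated row
        row = dict(zip(fields, values))
        stem = row.get("cs-uri-stem", "")
        # IIS paths are case-insensitive; compare the final path segment only,
        # so near-miss names such as nothuman2.aspx do not match.
        if posixpath.basename(stem).lower() == name.lower():
            hits.append({k: row.get(k, "-") for k in
                         ("date", "time", "c-ip", "cs-method",
                          "cs-uri-stem", "sc-status")})
    return hits

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2023-05-29 10:01:02 GET /human.aspx 198.51.100.7 200
2023-05-29 10:04:10 POST /Human2.aspx 203.0.113.45 200
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2023-05-29 10:05:33 203.0.113.45 GET /human2.aspx 404
2023-05-29 10:06:00 198.51.100.7 GET /nothuman2.aspx 200
""".splitlines()

if __name__ == "__main__":
    for hit in find_webshell_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status shows the file was present and served at that time; a 404 shows only that the path was requested.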
Researchers at our security partner, the Secureworks Counter Threat Unit, recommend that customers review the vendor’s guidance and apply available patches as appropriate in their environments. The Progress Software advisory describes mitigations for organizations that cannot immediately upgrade.
If you have any questions or concerns about this advisory, please contact us via our support desk – firstname.lastname@example.org
- MOVEit Transfer Critical Vulnerability (May 2023) (CVE-) – Progress Community
- Progress Software Releases Security Advisory for MOVEit Transfer | CISA
- MOVEit Transfer Critical Vulnerability CVE Rapid Response (huntress.com)
- Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations – TrustedSec