A critical vulnerability has been discovered in the MOVEit Transfer software, prompting urgent action from customers to patch their systems. This flaw, identified as CVE-2023-36934, allows an attacker to execute arbitrary commands on the affected system with elevated privileges without user authentication. If left unaddressed, this vulnerability could lead to unauthorized access, data breaches, and potential disruption of critical business operations. Barracuda MSP recommends MOVEit Transfer users to apply the latest patch provided by the vendor immediately to mitigate the risk.
What is the threat?
CVE-2023-36934 allows unauthenticated remote attackers to execute arbitrary commands on vulnerable MOVEit Transfer systems. By exploiting this flaw, attackers can gain unauthorized access and potentially compromise sensitive data or perform malicious activities with elevated privileges. Successful exploitation of this vulnerability does not require any user interaction or authentication, making it particularly dangerous.
There are two other high-severity vulnerabilities: CVE-2023-36932 and CVE-2023-36933. CVE-2023-36932 is a SQL injection flaw that can be exploited by attackers who are logged in to gain unauthorized access to the MOVEit Transfer database. CVE-2023-36933, on the other hand, is a vulnerability that allows attackers to unexpectedly shut down the MOVEit Transfer program.
These vulnerabilities affect multiple MOVEit Transfer versions, including 12.1.10 and previous versions, 13.0.8 and earlier, 13.1.6 and earlier, 14.0.6 and older, 14.1.7 and older, and 15.0.3 and earlier.
Why is it noteworthy?
This vulnerability found in MOVEit Transfer is significant due to the exposure and risk it poses. Attackers can exploit the flaw to gain unauthorized access to the software, potentially compromising sensitive data and executing arbitrary commands with elevated privileges. The potential for further compromise is concerning, as attackers can move laterally within the network, escalate privileges, and potentially breach additional systems. Industries reliant on secure file transfers, along with organizations handling sensitive data, are particularly at risk of severe consequences. Urgent action is crucial to mitigate the potential damage, protect critical operations, and prevent the cascading effects of further compromise.
What is the exposure or risk?
This vulnerability has the potential to lead to further compromise. Once an attacker gains unauthorized access to the affected system through the MOVEit Transfer software, they can further exploit the compromised system to move laterally across the network, escalate privileges, and potentially compromise additional systems or resources. This could result in a larger-scale breach, exfiltration of sensitive data, or disruption of interconnected systems within the organization.
Since this vulnerability does not require user interaction or authentication, it poses a significant risk to any organization using the affected software. Companies across various industries, such as finance, healthcare, government, and manufacturing, secure file transfers are critical for their operations. Organizations handling sensitive or regulated data, such as personally identifiable information (PII) or protected health information (PHI), may face severe consequences if their data is compromised through this vulnerability.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of an Unauthenticated SQLi Flaw in MOVEit Transfer Software:
- Immediately update the MOVEit Transfer software to the latest version provided by the vendor. Necessary updates are available for all major MOVEit Transfer versions. This patch should address the identified vulnerability and ensure that your system is protected against potential exploitation.
- Implement a robust patch management process to ensure that all software and applications, including MOVEit Transfer, are regularly updated with the latest security patches. Promptly applying patches helps protect against known vulnerabilities.
- Separate critical systems and sensitive data from the vulnerable software by implementing network segmentation. This can help contain any potential compromise and limit the attacker’s lateral movement within the network.
- Utilize Barracuda XDR to monitor, detect and analyze network traffic for identification of IOCs and potential exploitation related to the MOVEit Transfer Software vulnerabilities.
- Raise awareness among users and employees about the risks associated with this vulnerability. Promote best practices such as strong password hygiene, caution when opening email attachments, and reporting any suspicious or unusual activity to the IT/security team.
For more in-depth information about the recommendations, please visit the following links:
If you have any questions regarding this Cybersecurity Threat Advisory, please contact our Security Operations Center.