CVE-2023-34362 – MOVEit
Since the end of May, several critical flaws have been discovered in Progress Software’s MOVEit Transfer managed file transfer application. The first flaw is a SQL injection (SQLi) vulnerability that could lead to privilege escalation and unauthorized system access. Depending on the database engine in use, such as MySQL, Microsoft SQL Server, or Azure SQL, an attacker may be able to gather information about the database’s structure and contents. They could also execute SQL statements that modify or delete elements within the database.
Microsoft has attributed the ongoing exploitation of this vulnerability to a threat actor known as Lace Tempest. Lace Tempest (also known as Storm-0950) is associated with ransomware groups like FIN11, TA505, and Evil Corp. The group is also linked to the operation of the Cl0p extortion site. The attacker’s objective is data theft and subsequent extortion.