A critical vulnerability in Progress Software's MOVEit Transfer is under exploitation, according to a report from Rapid7.
The zero-day vulnerability, which Progress disclosed on Wednesday, is a SQL injection flaw that could lead to escalated privileges and potential unauthorized access in the managed file transfer (MFT) product. At the time of writing there is no patch available for the flaw, and it has not been assigned a CVE.
Which Versions Are Affected?
Affected versions are listed below:
- MOVEit Transfer 2023.0.0
- MOVEit Transfer 2022.1.x
- MOVEit Transfer 2022.0.x
- MOVEit Transfer 2021.1.x
- MOVEit Transfer 2021.0.x
The vulnerability affects both on-premises and cloud-based versions of MOVEit. The vendor said in a status update that it had patched its cloud test servers on Thursday and restored HTTPS access.
Progress Software responded promptly by taking MOVEit Cloud offline, informing customers, and providing mitigation steps and patches. The recommended mitigations are:
- Restrict inbound traffic on ports 80 and 443 to the MOVEit Transfer server to an allow-list of trusted sources. This blocks external access to the web user interface (UI) and also stops some MOVEit Automation tasks, APIs, and the Outlook MOVEit Transfer plugin from working. SFTP and FTPS can still be used for file transfers.
- Inspect the C:\MOVEit Transfer\wwwroot\ folder for suspicious files, such as backups or large file downloads; the presence of such files could indicate data theft.
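The second mitigation above is a manual inspection of the wwwroot folder for backup-style files and unusually large files. The following script is an added example, not code from the article or from Progress Software, showing how a responder could automate that triage over a copy of the folder (or over the live path, run with read-only intent). The backup/archive extension list, the size threshold, and the optional "modified since" cut-off are assumptions chosen for illustration; the sample directory layout it builds is constructed for an offline demonstration and contains no real MOVEit content.

```python
"""Triage helper: flag backup-like or unusually large files under a wwwroot folder.

Added example for the mitigation step above; the extension list, size
threshold and directory layout are assumptions, not vendor-supplied values.
"""
from __future__ import annotations

import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone
from pathlib import Path

# Assumption: extensions that a web root normally never contains and that
# commonly mark staged backups or archives prepared for exfiltration.
BACKUP_EXTENSIONS = {".bak", ".zip", ".7z", ".rar", ".gz", ".tar", ".old", ".sql", ".dmp"}

# Assumption: anything at or above this size in a web root deserves a look.
LARGE_FILE_BYTES = 50 * 1024 * 1024  # 50 MiB


@dataclass(frozen=True)
class Finding:
    path: str    # path relative to the scanned root
    size: int    # size in bytes
    reason: str  # why the file was flagged


def scan_wwwroot(root: Path,
                 large_bytes: int = LARGE_FILE_BYTES,
                 modified_since: datetime | None = None) -> list[Finding]:
    """Walk `root` and return one Finding per file that matches any heuristic.

    A file is reported if it has a backup/archive extension, if it is at least
    `large_bytes` in size, or (when `modified_since` is given, as an aware
    datetime) if it was modified at or after that instant.
    """
    findings: list[Finding] = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        st = path.stat()
        reasons: list[str] = []
        if path.suffix.lower() in BACKUP_EXTENSIONS:
            reasons.append("backup/archive extension")
        if st.st_size >= large_bytes:
            reasons.append(f"large file ({st.st_size} bytes)")
        if modified_since is not None:
            mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            if mtime >= modified_since:
                reasons.append(f"modified at {mtime.isoformat()}")
        if reasons:
            findings.append(Finding(path.relative_to(root).as_posix(),
                                    st.st_size, "; ".join(reasons)))
    return findings


def build_sample_wwwroot(base: Path) -> Path:
    """Create a constructed wwwroot layout for an offline demonstration."""
    root = base / "wwwroot"
    (root / "images").mkdir(parents=True)
    # Two benign, small files that should not be reported.
    (root / "default.aspx").write_text("<%-- placeholder page --%>")
    (root / "images" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\0" * 64)
    # A small archive: flagged by extension alone.
    (root / "db_backup.zip").write_bytes(b"PK\x03\x04" + b"\0" * 128)
    # A 1 MiB blob with an innocuous extension: flagged by size only.
    (root / "export.dat").write_bytes(b"A" * (1024 * 1024))
    return root


def demo(large_bytes: int = 512 * 1024) -> list[Finding]:
    """Run the scanner over the constructed sample tree with a 512 KiB threshold."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_wwwroot(build_sample_wwwroot(Path(tmp)), large_bytes=large_bytes)


if __name__ == "__main__":
    # For a real review, replace the sample tree with e.g.
    # scan_wwwroot(Path(r"C:\MOVEit Transfer\wwwroot"), modified_since=...)
    for finding in demo():
        print(f"{finding.path}\t{finding.size}\t{finding.reason}")
```

Running it on the sample tree reports `db_backup.zip` (extension) and `export.dat` (size) and stays silent on the two small, ordinary files. The heuristics only narrow the list; each hit still needs a human to decide whether it is legitimate administrative activity or staged data, so pair the output with the server's access logs and the file timestamps rather than treating a hit as proof of theft.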