REDLEGG BLOG
Emergency Security Bulletin | RedLegg | 96Bravo

Emergency Security Bulletin - MOVEit Vulnerabilities

6/16/23 12:10 PM  |  by RedLegg Blog

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.

RedLegg will include a brief description of the vulnerability, whether or not an active exploit or POC exists, and then a link to an update, if any, exists. If no update exists, there will be remediation or mitigation suggestions to limit each vulnerability's risk.

On June 15, 2023, Progress Software released a security advisory concerning a critical vulnerability impacting the MOVEit Transfer web application. This vulnerability can be leveraged by an adversary to achieve elevation of privileges and take control of a compromised system. The creators of the MOVEit application, Progress, has advised their customers to take immediate action by applying the latest patch to remediate this vulnerability.

RedLegg has coverage for vulnerabilities previously observed in the MOVEit web application such as: AIE: RedLegg - MOVEit Exploitation: CVE-2023-34362. We currently believe that this detection rule may identify abuse of CVE-2023-35708 as well, and are investigating further opportunities to identify abuse of this application

VULNERABILITIES

MOVEIT TRANSFER ELEVATION OF PRIVILEGE VULNERABILITY

Identifier: CVE-2023-35708
CVSS Score: N/A
Exploit or POC: No
Advisory Link: CVE-2023-35708 – Recommended Remediation & UpdatesDescription: CVE-2023-35708 allows for elevation of user privileges and unauthorized access. Authentication and user interaction are not required to successfully exploit this vulnerability. Successful exploitation could allow an attacker to submit a crafted payload to a MOVEit Transfer application endpoint, resulting in compromised data integrity or a potential data leak.
Mitigation recommendation: Mitigation instructions can be found here: CVE-2023-35708 – Recommended Remediation & Updates. In addition to the measures directly suggested by the MOVEit, Mandiant has produced an extensive hardening guide: Mandiant - MOVEit Transfer: Containment and Hardening Guide.

Critical Security Vulnerabilities Bulletin