CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2: 7.5 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.811 High
  Percentile: 97.9%
In early June, we reported on the discovery of a critical vulnerability in MOVEit Transfer, known as CVE-2023-34362.
After the first vulnerability was discovered, MOVEit's owner Progress Software partnered with third-party cybersecurity experts to conduct further detailed code reviews of the software. Now, Progress says it has discovered multiple SQL injection vulnerabilities in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.
There are no CVEs yet available for the new vulnerabilities, but Progress has released patches.
Users of Progress MOVEit Transfer versions released before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), 2023.0.2 (15.0.2) should follow the recommendations in the security bulletin about the new vulnerabilities.
This code review was undoubtedly triggered by the severe consequences of the first vulnerability, which was exploited by the Cl0p ransomware gang. Cl0p confirmed it was behind these attacks in responses to inquiries by Reuters and BleepingComputer.
Cl0p is behaving very differently from other ransomware groups. The gang either found or bought the CVE-2023-34362 vulnerability and reportedly started testing it against victims as far back as 2021.
They felt comfortable enough to hold off on actively deploying their ransomware, and didn't launch a large-scale campaign until the 2023 Memorial Day weekend in the US. This demonstrates a level of sophistication and planning that we don't see in other ransomware groups.
Victims of this exploitation wave are plentiful and new ones keep coming forward. All the victims of this attack have been told to contact the Cl0p ransomware group before June 14, 2023 or "face the consequences," which tends to suggest that their data will be published online.