Mitigation Instructions for CVE-2023-35708 MOVEit

SUBJECT: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

TECH STACK: Web Application (Progress MOVEit Transfer)

DATE(S) ISSUED: 06/16/2023

NVD Last Modified: 06/20/2023

CRITICALITY: CRITICAL 

OVERVIEW: 

CVE-2023-35708 is a critical vulnerability in Progress MOVEit Transfer versions prior to 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).  

This vulnerability allows an unauthenticated attacker to exploit an SQL injection flaw in the MOVEit Transfer web application, potentially gaining unauthorized access to the database. The attacker could then modify or disclose sensitive database content.

SOLUTION: 

Immediate action is required to mitigate this vulnerability:

1. Apply Patches:  Apply the appropriate patch for your MOVEit Transfer version as soon as possible. Refer to Progress Security Advisory (https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023Mitigation) for patch versions and download links.
2. Disable HTTP/HTTPS Traffic (Temporary Measure): As a temporary mitigation measure, consider disabling HTTP and HTTPS traffic to the MOVEit Transfer environment by modifying firewall rules. This will restrict access to the vulnerable application endpoint. However, remember to re-enable traffic once patched to allow normal functionality.
3. Review Network Access: Limit access to the MOVEit Transfer environment from untrusted networks and users. Implement access control lists (ACLs) and firewalls to control incoming and outgoing traffic. 

1. Monitor Logs and Activity: Closely monitor system logs and activity for suspicious behavior that may indicate exploitation attempts. Utilize intrusion detection and prevention systems (IDS/IPS) for enhanced security.

1. Prepare Incident Response Plan: Ensure a well-defined incident response plan is in place to quickly contain and remediate any potential security incidents arising from this vulnerability.

1. Update Software Regularly: Maintain regular updates for MOVEit Transfer software and all other system software to benefit from the latest security patches.

REFERENCES:

Third Party Advisories:

• Vendor Advisory - MOVEit Transfer Critical Vulnerability (Progress)

Confirmation & Additional Information:

1. This vulnerability received a CVSS v3.1 base score of 9.8, indicating a CRITICAL severity level.
2. The affected technology is identified as a web application within the Progress MOVEit Transfer software.
3. Exploitability is considered likely, emphasizing the urgency of taking mitigation measures

Cross-References:

• Mitigation Patch Vendor Advisory (Progress)

• Third Party Advisory - US Government Resource (CISA)