A Vulnerability has been discovered in Progress Moveit Transfer, which could allow for could allow for elevated privileges and unauthorized access. MOVEit Transfer is a managed file transfer software that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
On June 16th, after the MS-ISAC’s initial advisory, a CVE was assigned to this new critical vulnerability (CVE-2023-35708) and additional remediation and patching steps were recommended. According to the updated Progress Community bulletin, the MOVEit patch released on June 15th must be applied to remediate CVE-2023-35708.
