Third MOVEit Transfer Vulnerability Disclosed by Progress Software

Another MOVEit Transfer vulnerability, CVE-2023-35708, was found this week by Progress Software, the third that the company has disclosed, alongside CVE-2023-34362 and CVE-2023-35036.

The issue itself, detailed in an advisory released June 15 by the company, is another SQL injection vulnerability that could potentially allow unauthenticated attackers to gain access to MOVEit's database. Should attackers submit a payload to the MOVEit Transfer application endpoint, they could ultimately modify the database content. Progress Software is encouraging MOVEit Transfer customers to take immediate action to help harden their MOVEit Transfer environments, noting that it's "extremely important" that users act as quickly as possible.

"As we continue to investigate the issue related to MOVEit Cloud and MOVEit Transfer that we previously reported, an independent source has disclosed a new vulnerability that could be exploited by a bad actor," according to a press statement.

The release of the advisory detailing the latest vulnerability comes on the heels of CISA disclosing an incident in which federal agencies were impacted by the transfer software at the hands of the Cl0p ransomware gang — part of the ongoing glut of attacks using what was once a zero-day bug in the platform (the first issue patched). Cyberattacks involving the use of the MOVEit Transfer program have now affected a number of US government agencies, alongside many other companies and organizations, who are now dealing with the loss of stolen information, disrupted systems, and sometimes even the demands of ransom payments.

Though there haven't been any indications that threat actors have yet exploited the new vulnerability, MOVEit has asserted that it is communicating with customers to protect and create safer environments.
