QID 378591
Date Published: 2023-06-16
QID 378591: IpSwitch MOVEit Transfer Privilege Escalation and Potential Unauthorized Access Vulnerability
Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment.
QID Detection Logic: (Authenticated)
This QID checks file version of MOVEit.DMZ.ClassLib.dll to identify the vulnerable versions of the product MOVEit Transfer.
Successful exploitation will lead to privilege escalation and potential unauthorized access
Workaround:
Disable all HTTP and HTTPs traffic to your MOVEit Transfer environment. More specifically:
Modify firewall rules to deny HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443.
It is important to note that until HTTP and HTTPS traffic is enabled again:
Users will not be able to log on to the MOVEit Transfer web UI
MOVEit Automation tasks that use the native MOVEit Transfer host will not work
REST, Java and .NET APIs will not work
MOVEit Transfer add-in for Outlook will not work
SFTP and FTP/s protocols will continue to work as normal
- MOVEit Transfer Critical Vulnerability -
community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023
CVEs related to QID 378591
| Advisory ID | Software | Component | Link |
|---|