Update: MOVEit Transfer Critical Vulnerability - 20230616002

Overview

Since the release of Advisory #20230602001, Progress Software has announced a new SQLi vulnerability for a privilege escalation (CVE still pending).

Additionally, Progress Software are actively updating their own Security Center article page titled "MOVEit Transfer and MOVEit Cloud Vulnerability" including immediate mitigation steps and workaround measures for administrators.

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends users and organizations review the Progress Software security center page, follow the mitigation steps, and apply the necessary updates when available.

Additional References

• Progress Software - Security Center
• Progress Software - MOVEit Transfer Critical Vulnerability - CVE Pending (June 15, 2023)
• Rapid7 - Observed Exploitation of Critical MOVEit Transfer Vulnerability