A critical security vulnerability has recently come to light and poses a significant risk to organizations using MOVEit Transfer, the managed file transfer software developed by Ipswitch.
A zero-day vulnerability, CVE-2023-34362, is being actively exploited by malicious hackers to steal sensitive data from targeted organizations. Breaches are already being reported worldwide, and it is essential to take immediate action to protect your data if this CVE is present in your environment.
The vulnerability allows privilege escalation and potential unauthorized access to MOVEit Transfer. While specific details have not been publicly disclosed, it is believed to be a web-facing vulnerability, possibly a SQL injection vulnerability leading to remote code execution.
Patches are still being developed for some versions of MOVEit, but some patches are available today. At a minimum, we recommend doing your own research and reviewing your logging and security alerting systems immediately to ensure everything is working properly to protect your assets.
Below is the current list of MOVEit Transfer versions that have a patch available:
| Affected Version | Fixed Version | Documentation |
|---|---|---|
| MOVEit Transfer 2023.0.0 | MOVEit Transfer 2023.0.1 | MOVEit 2023 Upgrade Documentation |
| MOVEit Transfer 2022.1.x | MOVEit Transfer 2022.1.5 | MOVEit 2022 Upgrade Documentation |
| MOVEit Transfer 2022.0.x | MOVEit Transfer 2022.0.4 | MOVEit 2022 Upgrade Documentation |
| MOVEit Transfer 2021.1.x | MOVEit Transfer 2021.1.4 | MOVEit 2021 Upgrade Documentation |
| MOVEit Transfer 2021.0.x | MOVEit Transfer 2021.0.6 | MOVEit 2021 Upgrade Documentation |
For questions or more information, please reach out to your FD advisor.