MOVEit Transfer: Containment and Hardening Guide

On May 31, 2023, Progress Software (Progress) discovered a vulnerability in the MOVEit Transfer application that could lead to escalated privileges and potential unauthorized access within an environment where the application is deployed. The MOVEit Transfer application is a file transfer solution that allows for secure file transfers using either HTTPs, SCP, or FTPs. On June 2, 2023, CVE-2023-34362 was assigned for the associated SQL injection vulnerability.

On June 9, 2023, cybersecurity firm Huntress (working with Progress) uncovered additional vulnerabilities (tracked as CVE-2023-35036) that could potentially be leveraged for exploitation of the MOVEit Transfer application. Additional patches were released - and are recommended to be applied to all MOVEit Transfer instances.