
CVE-2023-34362 CVE-2023-35036 Progress MOVEit Transfer

Knowledge Base Article 000008989

July 7, 2023 | Knowledge
 
 

MOVEit CVE Response

  • CVE-2023-34362: Progress MOVEit Transfer (May 31, 2023)
  • CVE-2023-35036: Progress MOVEit Transfer (June 9, 2023)
  • CVE-2023-35708: Progress MOVEit Transfer (June 15, 2023)
  • CVE-2023-36932: Progress MOVEit Transfer (July 5, 2023)
  • CVE-2023-36933: Progress MOVEit Transfer (July 5, 2023)
  • CVE-2023-36934: Progress MOVEit Transfer (July 5, 2023)

 

Summary:

Infoblox is aware of and responding to a series of vulnerabilities affecting Progress Software Corporation’s ‘MOVEit Transfer’ application (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708, CVE-2023-36934, CVE-2023-36932, and CVE-2023-36933). Infoblox has applied all available patches.

 

  • MOVEit is a secure file transfer program which allows business partners and customers to exchange data using SFTP, SCP, and HTTPS protocols.
  • Infoblox uses the MOVEit Transfer application in its BloxDrop server to transfer support logs for troubleshooting and files for professional services implementation.
  • Analysis was performed to ensure that no customer confidential information was disclosed.
  • Infoblox has performed due diligence on our downstream vendors which handle customer confidential data to ensure that their systems have not been impacted.

 

Infoblox NIOS, NetMRI, and BloxOne products are not affected by this vulnerability.

 

Overview and Impact:

On May 31, 2023, Progress Software Corporation (vendor) disclosed a critical-rated vulnerability in their MOVEit Transfer application, which was reported to be under active exploitation (CVE-2023-34362). Upon notification of this by the vendor, Infoblox patched the server and began forensic investigation to ensure that no customer data was impacted.

 

On June 9, 2023, as part of third-party code reviews to ensure the software’s security, the vendor identified additional vulnerabilities (CVE-2023-35036) which could be used to exploit the MOVEit Transfer application. The vendor immediately issued a patch which was installed by Infoblox the same day.

 

On June 15, 2023, additional vulnerabilities (CVE-2023-35708) were identified by Progress Software. Infoblox temporarily disabled use of HTTP and HTTPS with BloxDrop. On June 16, 2023, a patch was released and applied. Subsequently, HTTP/HTTPS has been re-enabled.

 

On July 5, 2023, Progress Software released a service pack to promote a regular update cadence. This service pack includes fixes for 3 newly discovered vulnerabilities (CVE-2023-36932, CVE-2023-36933, and CVE-2023-36934). Infoblox has applied the service pack and all available patches for MOVEit version 2020.1 (12.1).

 

The Infoblox Security Operations Center (SOC) continues to monitor the vendor’s announcements to ensure that additional vulnerabilities are not identified, and to patch when necessary.

 

Response:

Upon receiving reports related to this vulnerability, Infoblox’s Security Operations Center (SOC) began an investigation to determine any potential impacts. The vendor’s patches have been promptly applied. The SOC continues to work with the vendor to validate that none of the Indicators of Compromise (IOCs) were present on our system.

 

Infoblox has followed industry recommendations to search for indicators of compromise, including capturing forensic evidence and logs from the server and offloading them for additional review.

 

Infoblox also engaged the vendor and followed their steps to confirm that no anomalous behavior was observed. Infoblox continues to monitor the security news and vendor notifications to ensure that we are taking all possible steps to identify any malicious activity.

 

Additionally, Infoblox has performed due diligence on its downstream vendors which handle customer confidential data to ensure that none of our third parties (customer fourth parties) have been impacted.

 

Resolution:

Infoblox is monitoring this situation and has applied all required patches.

 

Due diligence has been performed both in terms of forensics on the BloxDrop server, and to validate that Infoblox third-party vendors have not been compromised.

 

Infoblox NIOS, NetMRI, and BloxOne products are not affected by this vulnerability.

 

Related Information:

CISA Notice:

 AA23-158A #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability

Vendor Summary (includes links to each CVE in MITRE and in NIST vulnerability databases): https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability
