CERTFR-2023-ALE-005
Vulnerability from certfr_alerte

La découverte d'une vulnérabilité affectant le logiciel MOVEit Transfer de Progress Software, le 31 mai 2023, avait conduit le CERT-FR à publier des éléments d'information dans le bulletin d'actualité CERTFR-2023-ACT-025.

L'objet de cette alerte CERTFR-2023-ALE-005 est de faire le point sur l'exploitation de cette vulnérabilité par le groupe cybercriminel CL0P ainsi que de synthétiser les mesures de remédiation et de correction à appliquer par les utilisateurs du logiciel MOVEit Transfer.

Télécharger le rapport : Exploitation d'une vulnérabilité dans MOVEit Transfer par le groupe cybercriminel CL0P

Solution

Se référer au document PDF joint à cette alerte.

Impacted products
Vendor Product Description
Progress MOVEit Transfer MOVEit Transfer versions 2021.1.x antérieures à 2021.1.6 (13.1.6)
Progress MOVEit Transfer MOVEit Transfer versions 2021.0.x antérieures à 2021.0.8 (13.0.8)
Progress MOVEit Transfer MOVEit Cloud versions antérieures à 14.4.6.97 ou 14.0.5.45 (production)
Progress MOVEit Transfer MOVEit Transfer versions antérieures à 2020.1.10 (12.1.10)
Progress MOVEit Transfer MOVEit Transfer versions 2022.0.x antérieures à 2022.0.6 (14.0.6)
Progress MOVEit Transfer MOVEit Transfer versions 2022.1.x antérieures à 2022.1.7 (14.1.7)
Progress MOVEit Transfer MOVEit Transfer versions 2023.x antérieures à 2023.0.3 (15.0.3)
Progress MOVEit Transfer MOVEit Cloud versions antérieures à 15.0.2.39 (test)
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MOVEit Transfer versions 2021.1.x ant\u00e9rieures \u00e0 2021.1.6 (13.1.6)",
      "product": {
        "name": "MOVEit Transfer",
        "vendor": {
          "name": "Progress",
          "scada": false
        }
      }
    },
    {
      "description": "MOVEit Transfer versions 2021.0.x ant\u00e9rieures \u00e0 2021.0.8 (13.0.8)",
      "product": {
        "name": "MOVEit Transfer",
        "vendor": {
          "name": "Progress",
          "scada": false
        }
      }
    },
    {
      "description": "MOVEit Cloud versions ant\u00e9rieures \u00e0 14.4.6.97 ou 14.0.5.45 (production)",
      "product": {
        "name": "MOVEit Transfer",
        "vendor": {
          "name": "Progress",
          "scada": false
        }
      }
    },
    {
      "description": "MOVEit Transfer versions ant\u00e9rieures \u00e0 2020.1.10 (12.1.10)",
      "product": {
        "name": "MOVEit Transfer",
        "vendor": {
          "name": "Progress",
          "scada": false
        }
      }
    },
    {
      "description": "MOVEit Transfer versions 2022.0.x ant\u00e9rieures \u00e0 2022.0.6 (14.0.6)",
      "product": {
        "name": "MOVEit Transfer",
        "vendor": {
          "name": "Progress",
          "scada": false
        }
      }
    },
    {
      "description": "MOVEit Transfer versions 2022.1.x ant\u00e9rieures \u00e0 2022.1.7 (14.1.7)",
      "product": {
        "name": "MOVEit Transfer",
        "vendor": {
          "name": "Progress",
          "scada": false
        }
      }
    },
    {
      "description": "MOVEit Transfer versions 2023.x ant\u00e9rieures \u00e0 2023.0.3 (15.0.3)",
      "product": {
        "name": "MOVEit Transfer",
        "vendor": {
          "name": "Progress",
          "scada": false
        }
      }
    },
    {
      "description": "MOVEit Cloud versions ant\u00e9rieures \u00e0 15.0.2.39 (test)",
      "product": {
        "name": "MOVEit Transfer",
        "vendor": {
          "name": "Progress",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2023-09-11",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au document PDF joint \u00e0 cette alerte.\n",
  "cves": [
    {
      "name": "CVE-2023-34362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34362"
    },
    {
      "name": "CVE-2023-35036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35036"
    },
    {
      "name": "CVE-2023-35708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35708"
    }
  ],
  "initial_release_date": "2023-07-05T00:00:00",
  "last_revision_date": "2023-09-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-ALE-005",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-05T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2023-09-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "La d\u00e9couverte d\u0027une vuln\u00e9rabilit\u00e9 affectant le logiciel MOVEit Transfer\nde Progress Software, le 31 mai 2023, avait conduit le CERT-FR \u00e0 publier\ndes \u00e9l\u00e9ments d\u0027information dans le bulletin d\u0027actualit\u00e9\nCERTFR-2023-ACT-025.\n\nL\u0027objet de cette alerte CERTFR-2023-ALE-005 est de faire le point sur\nl\u0027exploitation de cette vuln\u00e9rabilit\u00e9 par le groupe cybercriminel CL0P\nainsi que de synth\u00e9tiser les mesures de rem\u00e9diation et de correction \u00e0\nappliquer par les utilisateurs du logiciel MOVEit Transfer.\n\n\u003ca href=\"/uploads/CERTFR-2023-ALE-005.pdf\"\nstyle=\"display: block; text-align: center; padding: 5px 8px 5px 8px; background-color: #c4322c; width: 1200px; height: 32px; margin: 0 auto; color: #ffffff;\"\ndata-darkreader-inline-bgcolor=\"\"\ndata-darkreader-inline-color=\"\"\u003eT\u00e9l\u00e9charger le rapport : Exploitation\nd\u0027une vuln\u00e9rabilit\u00e9 dans MOVEit Transfer par le groupe cybercriminel\nCL0P\u003c/a\u003e\n",
  "title": "Synth\u00e8se sur l\u0027exploitation d\u0027une vuln\u00e9rabilit\u00e9 dans MOVEit Transfer",
  "vendor_advisories": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.