MOVEit Transfer software has been identified as vulnerable to a critical vulnerability. This prompts customers to patch their systems urgently to prevent vulnerability spread. The flaw, identified as CVE-2023-36934, allows an attacker to gain elevated privileges without the user being prompted to authenticate. It also allows an attacker to execute arbitrary commands on an affected system without the user being required to do so.
The unfixable nature of this vulnerability can result in unauthorized access to information, data breaches, and disruptions to critical business functions. This is if the problem is not addressed. It is recommended that Barracuda MSP users apply the latest vendor patch as soon as possible to mitigate the risk in MOVEit Transfer.
An SQL injection vulnerability lets attackers execute code to gain access to a database or tamper with it by triggering a special query that causes the database to be compromised. There must be a lack of adequate input/output data sanitization in the target application to make these attacks possible.
In the past few months, Progress, the company that developed MOVEit Transfer, has discovered multiple SQL injection vulnerabilities, including one that can be exploited without authentication credentials in the application, named CVE-2023-36934.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: