MOVEIt Transfer RCE Part Two (CVE-2023-34362)

Remote Code Execution (RCE)

In our last post we detailed our initial work reversing the recent Progress MOVEit Transfer remote code execution vulnerability as well as our proof-of-concept demonstrating the exploit. We implemented checks in our Attack Surface Management platform providing our customers with assurance on whether or not they are affected. However, we declined to post the full exploit chain as it was being actively exploited at the time. Since then, a public proof-of-concept has been posted and so we will now detail the steps we took to reverse the vulnerability.