Patch Diffing Progress MOVEit Transfer RCE (CVE-2023-34362)

Remote Code Execution (RCE)

In the last few days, threat actors have been exploiting a critical pre-authentication vulnerability in Progress MOVEit Transfer. Several great blog posts have covered the incident response, forensic artifacts, and detection engineering efforts around preventing compromise. Assetnote succeeded in determining the full exploit chain for this vulnerability, including the SQL injection and the remote code execution attack vector.