Q2 2023 Cyber Vulnerability Report and Impact

Fortinet Fortigate Vulnerability Alert | June 2023

Background Information

A critical security flaw (CVE-2023-27997) has been discovered in Fortigate SSL VPNs. The vulnerability allows for an unauthenticated attacker to execute arbitrary code or commands. Corvus has observed similar vulnerabilities lead to ransomware incidents. Security patches have been released and should be applied as soon as possible.

Impact of the Vulnerability

The vulnerability is fixed in the following Fortinet Fortigate versions:

• FortiOS 6.0.17 

• FortiOS 6.2.15

• FortiOS 6.4.13 

• FortiOS 7.0.12 

• FortiOS 7.2.5

Attackers can execute arbitrary code or commands against unpatched devices, gaining a foothold into the network. From there the attacker would be able to conduct further exploitation and potentially move around the network. Impacted organizations should apply a security patch immediately.

Next Steps

• Ensure you are running the latest available fixed version of FortiOS.

Please contact Fortinet customer support for assistance.

_________________________________

MOVEit Vulnerabilities Alert | June 2023

Vulnerability Update

As of July 5th, 2023, several new vulnerabilities were announced. Organizations using MOVEit should immediately follow current remediation steps.

Background Information

On July 5th, 2023 several new vulnerabilities were discovered in MOVEit file transfer software. Progress, the software developer, is recommending users update to the latest fixed version immediately. This is in addition to prior patches that have been applied. Given mass-exploitation currently taking place against MOVEit software, we strongly urge you to take immediate action.

This new vulnerability is in addition to the zero-day vulnerability announced on May 31, 2023 (CVE-2023-34362) that has been under attack by the ransomware group, CLOP. If you followed our prior guidance to update and look for indicators of compromise (thank you), but please note you must now address this new vulnerability.

Impact of the Vulnerability

Attackers can exploit these vulnerabilities to gain unauthorized access to vulnerable systems. There are reports of mass-exploitation including data theft attacks against a large number of vulnerable targets, and at least one threat actor group has begun posting victim data on their leak site. Corvus has observed ransomware groups exploit similar vulnerabilities in file transfer software to steal and encrypt sensitive data. It is crucial that remediation steps are followed.

Next Steps

We encourage your organization to take the following steps recommended by the manufacturer, Progress Software, to mitigate against potential attack:

1. If you have NOT applied the May 2023 patch: Follow all the remediation steps in the following article: MOVEit Transfer Critical Vulnerability (May 2023) and then proceed to step 2.

   • Check your instance for Indicators of Compromise

2. If you have applied the May 2023 patch, upgrade to one of the versions listed in the table below.

Affected Versions of MOVEit

• MOVEit Transfer 2023.0.x (15.0.x)

  • Fixed Version (Full Installer): MOVEit Transfer 2023.0.4 (15.0.4)

  • Documentation: MOVEit 2023 Upgrade Documentation

  • Release Notes: MOVEit Transfer 2023.0.4 Release Notes

• MOVEit Transfer 2022.1.x (14.1.x)

  • Fixed Version (Full Installer): MOVEit Transfer 2022.1.8 (14.1.8)

  • Documentation: MOVEit 2022 Upgrade Documentation 

  • Release Notes: MOVEit Transfer 2022.1.8 Release Notes

• MOVEit Transfer 2022.0.x (14.0.x)

  • Fixed Version (Full Installer): MOVEit Transfer 2022.0.7 (14.0.7)

  • Documentation: MOVEit 2022 Upgrade Documentation  

  • Release Notes: MOVEit Transfer 2022.0.7 Release Notes

• MOVEit Transfer 2021.1.x (13.1.x)

  • Fixed Version (Full Installer): MOVEit Transfer 2021.1.7 (13.1.7)

  • Documentation: MOVEit 2021 Upgrade Documentation

  • Release Notes: MOVEit Transfer 2021.1.7 Release Notes

• MOVEit Transfer 2021.0.x (13.0.x)

  • Fixed Version (Full Installer): MOVEit Transfer 2021.0.9 (13.0.9)

  • Documentation: MOVEit 2021 Upgrade Documentation

  • Release Notes: MOVEit Transfer 2021.0.9 Release Notes

• MOVEit Transfer 2020.1.6 (12.1.6) or later

  • Fixed Version (Full Installer): Special Service Pack Available

  • Documentation: See KB 000236387 MOVEit Transfer 2020.1 Service Pack (July 2023)

  • Release Notes: MOVEit Transfer 2020.1.7 Release Notes

• MOVEit Transfer 2020.0.x (12.0.x) or older

  • Fixed Version (Full Installer): Must Upgrade to a Supported Version

  • Documentation: See MOVEit Transfer Upgrade and Migration Guide  

  • Release Notes: N/A

Indicators of Compromise

See file attachment cve-2023-34362-iocs.xlsx located at the bottom of the article here.

If you do notice any of the indicators noted above, please immediately contact your security and IT teams and open a ticket with Progress Technical Support at: https://community.progress.com/s/supportlink-landing.

If you are a Corvus policyholder, please immediately notify us of a potential claim using the email or hotline on your policy. Additional indicators and investigative context can be found in the articles below:

• https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft

• https://www.crowdstrike.com/blog/identifying-data-exfiltration-in-moveit-transfer-investigations/

This alert is provided for informational use only. Organizations will be solely responsible for remediation. Please consult with your IT department for more information or remediation guidance.