MOVEit or Lose it: Securing assets from critical MOVEit flaw with Xpanse ASM

Jun 13, 2023
3 minutes

On May 31, 2023, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data. This critical vulnerability has raised concerns for many organizations since it could allow threat actors to steal data from compromised systems.

Cortex Xpanse researchers scanned the global internet and found there are at least 2,377 MOVEit servers exposed over ports 80 and 443. This does not indicate whether the servers have been patched and it does not include servers running the web service over non-standard ports. However, vulnerable systems pose a serious threat to organizations and public reporting indicates successful exploitation for several organizations. It is expected that this threat will continue to evolve and impact more organizations as time goes on, if the MOVEit vulnerability is not appropriately remediated.

To mitigate the risks associated with the MOVEit vulnerability, organizations must proactively manage their attack surface. To assist organization’s with this specific vulnerability, Xpanse has developed a specialized Attack Surface Rule dedicated to searching for exposed instances of MOVEit. By implementing a dedicated Attack Surface Rule for MOVEit technologies, Xpanse ensures that vulnerable instances of the software are surfaced to organizations in a timely manner. This focused approach enables organizations to swiftly identify and address vulnerabilities, minimizing the risk of exploitation.

Figure 1. MOVEit Attack Surface Rule
Figure 1. MOVEit Attack Surface Rule


In addition to an Attack Surface Rule for MOVEit, Xpanse integrates threat intelligence information into the platform through the brand new Threat Response Center. By harnessing up-to-date information about the most critical, known vulnerabilities, exploit techniques, and threat actors, Xpanse empowers organizations to proactively address vulnerabilities before they are widely exploited. This integration significantly enhances an organization's ability to fortify their defenses against emerging threats, such as the MOVEit vulnerability.

Figure 2. Xpanse’s Threat Response Center with new information on the MOVEit vulnerability as it is available
Figure 2. Xpanse’s Threat Response Center with new information on the MOVEit vulnerability as it is available


The exploitation of the MOVEit vulnerability highlights the critical need for organizations to implement effective attack surface management practices. Xpanse Active Attack Surface Management scans both internal and external assets, comprehensively identifying potential security exposures and vulnerabilities on an organization's attack surface. Now, with its specialized Attack Surface Rule for MOVEit technologies, Xpanse further enables organizations to proactively search for and address vulnerabilities, bolstering their security posture.

To learn more about Active Attack Surface Management, read our datasheet.

Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.