CVE-2023-6218 - OpenCVE

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Progress	Moveit Transfer

Configuration 1 [-]

OR	cpe:2.3:a:progress:moveit_transfer::::::::
	cpe:2.3:a:progress:moveit_transfer::::::::
	cpe:2.3:a:progress:moveit_transfer::::::::
	cpe:2.3:a:progress:moveit_transfer::::::::
	cpe:2.3:a:progress:moveit_transfer::::::::

References

Link	Resource
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023	Release Notes Vendor Advisory
https://www.progress.com/moveit	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ProgressSoftware

Published: 2023-11-29T16:14:17.324Z

Updated: 2023-11-29T16:14:17.324Z

Reserved: 2023-11-20T17:22:11.765Z

Link: CVE-2023-6218

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-29T17:15:07.587

Modified: 2023-12-05T17:10:33.747

Link: CVE-2023-6218

JSON object: View

Redhat Information

No data.

CWE

CWE-269

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-6218", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2023-11-20T17:22:11.765Z", "datePublished": "2023-11-29T16:14:17.324Z", "dateUpdated": "2023-11-29T16:14:17.324Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["MOVEit Transfer Web Interface"], "product": "MOVEit Transfer", "vendor": "Progress Software Corporation", "versions": [{"lessThan": "2023.1.1(15.1.1)", "status": "unaffected", "version": "2023.1.0(15.1.0)", "versionType": "semver"}, {"lessThan": "2023.0.7 (15.0.7)", "status": "affected", "version": "2023.0.0 (15.0.0)", "versionType": "semver"}, {"lessThan": "2022.1.10 (14.1.10)", "status": "affected", "version": "2022.1.0 (14.1.0)", "versionType": "semver"}, {"lessThan": "2022.0.9 (14.0.9)", "status": "affected", "version": "2022.0.0 (14.0.0)", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified.  It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.<span style=\"background-color: rgb(255, 255, 255);\"><br></span></span>"}], "value": "\nIn Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified.\u00a0 It is possible for a group administrator to elevate a group members permissions to the role of an organization\u00a0administrator.\n"}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2023-11-29T16:14:17.324Z"}, "references": [{"tags": ["product"], "url": "https://www.progress.com/moveit"}, {"tags": ["vendor-advisory"], "url": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023"}], "source": {"discovery": "UNKNOWN"}, "title": "MOVEit Transfer Group Admin Privilege Escalation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A99606D-C2F1-40F0-B682-8AF3A1214ED7", "versionEndIncluding": "2021.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "6985BD08-92E5-48EA-BB76-B85186F067EA", "versionEndExcluding": "2022.0.9", "versionStartIncluding": "2022.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "7753AA60-D5C5-47A7-AE71-0ED05DE24930", "versionEndExcluding": "2022.1.10", "versionStartIncluding": "2022.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "A01A6CCA-73BC-45BE-858A-24EEA00B81EC", "versionEndExcluding": "2023.0.7", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B7FB41C-AC16-4A5F-9C0D-CEF3E87084CF", "versionEndExcluding": "2023.1.2", "versionStartIncluding": "2023.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nIn Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified.\u00a0 It is possible for a group administrator to elevate a group members permissions to the role of an organization\u00a0administrator.\n"}, {"lang": "es", "value": "En las versiones de Progress MOVEit Transfer lanzadas antes de 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), se ha identificado una ruta de escalada de privilegios asociada con los administradores de grupo. Es posible que un administrador de grupo eleve los permisos de los miembros de un grupo al rol de administrador de la organizaci\u00f3n."}], "id": "CVE-2023-6218", "lastModified": "2023-12-05T17:10:33.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@progress.com", "type": "Secondary"}]}, "published": "2023-11-29T17:15:07.587", "references": [{"source": "security@progress.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023"}, {"source": "security@progress.com", "tags": ["Product"], "url": "https://www.progress.com/moveit"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@progress.com", "type": "Secondary"}]}