TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provide the following advisory.
On June 15th, 2023, CERT Vanuatu received an advisory from its collaborating partner, the Cybersecurity and Infrastructure Security Agency (CISA), about a privilege escalation vulnerability in MOVEit Transfer, a managed file transfer product.
What is it?
Progress has discovered a vulnerability in MOVEit Transfer. This could lead to escalated privileges and potential unauthorized access to the environment.
Technical Details of CVE – MOVEit Transfer Critical Vulnerability – CVE Pending
Announced: 15th of June 2023
Products: MOVEit
The vulnerability, CVE-2023-27997, is a heap-based buffer bug that allows unauthenticated remote code execution (RCE) on the affected system.
What should I do to Stay Safe?
To prevent unauthorized access to your MOVEit Transfer environment, it is recommended that you apply the following mitigation measures.
- Disable all HTTP/HTTPS traffic to your MOVEit Transfer environment.
- Modify firewall rules to deny HTTP and HTTPS to MOVEit Transfer on ports 80 and 443.
- Avoid logging in to the MOVEit Transfer Web UI (user interface).
- Note that automation tasks and the REST, Java and .NET APIs will not work while this is in place.
- The MOVEit Transfer add-in for Outlook will not work either.
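The firewall mitigation above, as an added example that is not part of the CERTVU or Progress advisory: it assumes MOVEit Transfer is running on a Windows Server host protected by Windows Defender Firewall (the advisory does not name a firewall product), creates inbound block rules for TCP 80 and 443, and then verifies the rules are active. The rule display names are assumptions chosen for this example.

```powershell
# Added example: block inbound HTTP/HTTPS to a MOVEit Transfer host with
# Windows Defender Firewall, then verify. Run in an elevated PowerShell
# session on the MOVEit Transfer server itself.

$ruleName = 'CERTVU-Mitigation-Block-MOVEit-Web'   # assumed name for this example

# One rule covering both ports; Block rules take precedence over Allow rules,
# so the existing IIS "World Wide Web Services" allow rules are overridden.
New-NetFirewallRule -DisplayName $ruleName `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 80,443 `
    -Action Block `
    -Profile Any `
    -Enabled True `
    -Description 'Temporary mitigation: deny HTTP/HTTPS to MOVEit Transfer (CERTVU advisory, June 2023)'

# Verify the rule exists, is enabled and is scoped to the expected ports.
$rule = Get-NetFirewallRule -DisplayName $ruleName
$ports = $rule | Get-NetFirewallPortFilter
if ($rule.Enabled -eq 'True' -and $rule.Action -eq 'Block' -and ($ports.LocalPort -contains '80') -and ($ports.LocalPort -contains '443')) {
    Write-Output "Mitigation rule '$ruleName' is active on TCP 80 and 443."
} else {
    Write-Warning "Mitigation rule '$ruleName' is not in the expected state; review before relying on it."
}

# Confirm all three firewall profiles are actually enforcing rules; a disabled
# profile would silently defeat the block.
Get-NetFirewallProfile | Select-Object Name, Enabled

# From a separate machine, confirm the service is no longer reachable
# (replace <moveit-host> with the server's hostname or IP):
#   Test-NetConnection -ComputerName <moveit-host> -Port 443
# TcpTestSucceeded should be False while the mitigation is in place.

# When the mitigation is no longer required, remove the rule to restore access:
#   Remove-NetFirewallRule -DisplayName $ruleName
```

A block rule on the host does not replace a perimeter rule: apply the same deny on the network firewall in front of the server as well, so the service stays unreachable even if the host rule is later removed or misconfigured.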
References
- https://www.cisa.gov/news-events/alerts/2023/06/15/progress-software-releases-security-advisory-moveit-transfer-vulnerability
- https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023
- Download advisory (English): CVE – MOVEit Transfer Critical Vulnerability
- Download advisory (French): CVE - MOVEit Transfer
- Download advisory (Bislama): CVE – MOVEit Transfer Vulnerabiliti