CVE-2023-34362
MOVEit Transfer vulnerability analysis and mitigation

Overview

A critical SQL injection vulnerability (CVE-2023-34362) in the MOVEit Transfer web application was publicly disclosed by Progress Software at the end of May 2023. It affects MOVEit Transfer releases before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1); older, unsupported branches are also affected and have no fixed build. The flaw allows an unauthenticated attacker to gain access to MOVEit Transfer's database (NVD).

Technical details

The vulnerability is a SQL injection flaw in the application's web front end: an unauthenticated attacker can inject SQL into queries the application runs, and through them read, alter or delete database contents. The attack is carried out over HTTP or HTTPS, and depending on the database engine in use (MySQL, Microsoft SQL Server, or Azure SQL), the attacker may also be able to infer the structure and contents of the database. In the intrusions observed in the wild, the injection was the first step of a chain that ended in a web shell on the server and bulk theft of the files stored in MOVEit Transfer. The vulnerability has a CVSS v3.1 base score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).
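The two query styles below illustrate the class of flaw described above. This is an added, generic example using an in-memory SQLite table, not MOVEit Transfer code, and it does not reproduce the actual MOVEit injection point; the table, columns and payloads are constructed for the demonstration. The vulnerable function splices attacker text into the statement, so one payload turns a single-row lookup into a dump of every row and another uses UNION to read the schema (the "infer the structure of the database" case); the hardened function binds the same text as a parameter and returns nothing.

```python
"""SQL injection: string-built query beside its parameterised form.

Added example for this page. Not MOVEit Transfer code; table and payloads are
constructed for illustration only.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data standing in for an application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "h1"), ("bob", "h2"), ("carol", "h3")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list[tuple]:
    # Attacker-controlled text becomes part of the SQL statement itself.
    # "x' OR '1'='1" rewrites the WHERE clause so every row matches;
    # "x' UNION SELECT name, sql FROM sqlite_master--" appends a second SELECT
    # that returns the schema and comments out the trailing quote.
    sql = f"SELECT username, password_hash FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, username: str) -> list[tuple]:
    # Parameterised query: the driver passes the value separately from the SQL
    # text, so the same payloads are compared literally against the column.
    sql = "SELECT username, password_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed payloads: a tautology and a UNION-based schema read.
DUMP_ALL = "x' OR '1'='1"
READ_SCHEMA = "x' UNION SELECT name, sql FROM sqlite_master--"

if __name__ == "__main__":
    db = make_db()
    for payload in (DUMP_ALL, READ_SCHEMA):
        print("payload:   ", payload)
        print("vulnerable:", lookup_vulnerable(db, payload))
        print("hardened:  ", lookup_hardened(db, payload))
```

The fix is the same regardless of engine: never build SQL text from request data; bind every value as a parameter and keep the statement shape fixed.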

Impact

Exploitation gives an attacker access to the MOVEit Transfer database and, through it, to the account data and files the application manages. The vulnerability was exploited as a zero-day, before a patch was available, by the CL0P ransomware group against organizations across many sectors worldwide. The observed attacks were used for data exfiltration, with database manipulation also possible (Rapid7).

Mitigation and workarounds

Progress Software has released patched builds for every supported branch (the fixed versions listed in the Overview). Organizations should upgrade immediately; where that cannot be done at once, Progress advised blocking HTTP and HTTPS traffic (ports 80 and 443) to the MOVEit Transfer server until the patch is applied. Patching alone does not remove an intruder who was already present, so Progress also recommends reviewing the server for indicators of unauthorized access over the past 30 days (unexpected files in the web root, unknown accounts, unusual downloads) and resetting service account credentials. The company deployed monitoring signatures on its own endpoint protection platform and engaged outside cybersecurity firms for forensic investigation (Rapid7).
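A version check is the first thing an asset owner wants to run. The function below is an added example, not a Progress Software tool: it encodes the fixed builds named on this page, accepts either the marketing version (2022.1.x) or the internal build number (14.1.x) using the year-to-build pairings given in the Overview, and treats unlisted older branches as vulnerable because no fixed build exists for them. The sample version strings are constructed.

```python
"""Is a given MOVEit Transfer version affected by CVE-2023-34362?

Added example for this page, not a vendor tool. Fixed builds and year/build
pairings are the ones stated in the advisory text above; inputs are constructed.
"""
import re

# Internal build branch (major, minor) -> first fixed build in that branch.
FIXED_BUILDS = {
    (13, 0): (13, 0, 6),  # MOVEit Transfer 2021.0.6
    (13, 1): (13, 1, 4),  # 2021.1.4
    (14, 0): (14, 0, 4),  # 2022.0.4
    (14, 1): (14, 1, 5),  # 2022.1.5
    (15, 0): (15, 0, 1),  # 2023.0.1
}

# Marketing year -> internal major build, as paired in the advisory text.
YEAR_TO_BUILD = {2021: 13, 2022: 14, 2023: 15}


def parse_version(text: str) -> tuple[int, int, int]:
    """Return (major, minor, patch) as internal build numbers.

    Accepts "14.1.3", "2022.1.3" or longer forms such as "15.0.0.39";
    components beyond the third are ignored.
    """
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    major = YEAR_TO_BUILD.get(major, major)
    return major, minor, patch


def is_vulnerable(text: str) -> bool:
    """True if this build is affected by CVE-2023-34362."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    fixed = FIXED_BUILDS.get(branch)
    if fixed is not None:
        return (major, minor, patch) < fixed
    if branch < min(FIXED_BUILDS):
        # Older, unsupported branch: no fixed build exists, so it stays vulnerable.
        return True
    # A branch newer than any listed here shipped after the fix for this CVE.
    # It is not affected by CVE-2023-34362, but check later advisories.
    return False


if __name__ == "__main__":
    # Constructed sample inventory, e.g. collected from installed-version registry data.
    for v in ("14.1.4", "2022.1.5", "15.0.0.39", "15.0.1", "12.1.2", "15.1.0"):
        print(f"{v:>10}  vulnerable={is_vulnerable(v)}")
```

Run it against the version reported by each MOVEit Transfer host; any True result needs the patch (or the port 80/443 block) and the 30-day indicator review described above, since a current build proves nothing about whether the host was compromised before it was patched.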

Community reactions

The vulnerability drew wide attention because of the scale of exploitation. Major organizations including British Airways, the BBC and Boots disclosed breaches tied to it, in those cases through their payroll provider Zellis, which ran MOVEit Transfer. The CL0P ransomware group publicly claimed responsibility and, rather than contacting victims individually, posted a demand on its leak site that affected organizations contact the group to negotiate an extortion payment (Rapid7).
