CVE-2023-34362
Progress MOVEit Transfer SQL Injection Vulnerabili - [Actively Exploited]
Description
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
INFO
Published Date :
June 2, 2023, 2:15 p.m.
Last Modified :
Aug. 14, 2024, 3:37 p.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
5.9
Exploitability Score :
3.9
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.
Apply updates per vendor instructions.
This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023.
Public PoC/Exploit Available at Github
CVE-2023-34362 has a 33 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
Affected Products
The following products are affected by CVE-2023-34362
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-34362.
| URL | Resource |
|---|---|
| http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | Third Party Advisory VDB Entry |
| http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
| https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 | Vendor Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
This repository investigates the exploitation of CVE-2023-34362 in the MOVEit file transfer server by the TA505 (Cl0p) ransomware group. It explores the group's tactics and past campaigns targeting file transfer applications, aiming to enhance understanding and defensive measures against such threats.
Modified RCE with a remote shell and logging
Ruby Lua
Latest CVEs with their Proof of Concept exploits.
Python
Cybersecurity Breaches for Payment Industry (Billtrust & Fiserv)
None
A wildly opinionated Python 3 library for working with the CISA Known Exploited Vulnerabilities (KEV) catalog
Python Makefile
A video presentation analysing the technical details, scale and lessons to be learned from the MOVEit CVE-2023=3462(CS50 Introduction to Cyber Security Finale Project)
Repository of IOCs that can be pulled into tools.
Python PowerShell YARA
None
None
Research conducted involving security vulnerabilities, incidents, emerging technology, current events, and more.
an exploit of POC for CVE-2023-34362 affecting MOVEit Transfer
exploit kali-linux moveit python python3
Python
None
Python
Lexmark CVE-2023-26067
Python
Scraper for daily renewal of the Known Exploited Vulnerabilities Catalog by CISA
cisa cisa-kev github-actions known-vuln vulnerability-management
Jupyter Notebook Dockerfile Shell
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-34362 vulnerability anywhere in the article.
-
TheCyberThrone
Top 15 Most Exploited Vulnerabilities in 2023
In a joint cybersecurity advisory, the security agencies across the world have identified the most exploited vulnerabilities of 2023. This advisory, coauthored by the Cybersecurity and Infrastructure ... Read more
-
SentinelOne
The State of Cloud Ransomware in 2024
Overview Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm. Cloud services inherently provide an advantage over endpoint and web server-based servic ... Read more
-
SentinelOne
The State of Cloud Ransomware in 2024
Overview Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm. Cloud services inherently provide an advantage over endpoint and web server-based servic ... Read more
-
The Register
Five Eyes infosec agencies list 2024's most exploited software flaws
The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities, and warned that attacks on zero-day exploits have ... Read more
-
Cybersecurity News
2023’s Most Exploited Vulnerabilities: A Global Cybersecurity Advisory
In a joint cybersecurity advisory, the top cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom have identified the most exploited vulnerabilities of 2 ... Read more
-
AttackIQ
Response to CISA Advisory (AA24-317A): 2023 Top Routinely Exploited Vulnerabilities
On November 12, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA) providing details on the Common Vulnerabilities and Exposures (CVEs) routin ... Read more
-
The Cyber Express
Top 15 Exploited Cyber Vulnerabilities Revealed: Five Eyes Alliance Urges Immediate Patching
The FBI, NSA, and allied agencies within the Five Eyes intelligence network have published a list of the 15 most exploited vulnerabilities from 2023. The cybersecurity advisory, a collaborative effort ... Read more
-
Dark Reading
Amazon Employee Data Compromised in MOVEit Breach
Source: Ian Dagnall via Alamy Stock PhotoAmazon has confirmed that its employees' data was exposed on a cybercrime forum due to the now-infamous MOVEit vulnerability.The vulnerability, tracked as CVE- ... Read more
-
BleepingComputer
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. A joint advis ... Read more
-
security.nl
VS publiceert overzicht van meest misbruikte kwetsbaarheden in 2023
De Amerikaanse autoriteiten hebben samen met cyberagentschappen uit Australië, Canada, Nieuw-Zeeland en het Verenigd Koninkrijk een overzicht van de meest misbruikte kwetsbaarheden in 2023 opgesteld. ... Read more
-
The Register
Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability. "Amazon and AWS systems remain secure, and we have not experienced a security ... Read more
-
Help Net Security
Massive troves of Amazon, HSBC employee data leaked
A threat actor who goes by the online moniker “Nam3L3ss” has leaked employee data belonging to a number of corporations – including Amazon, 3M, HSBC and HP – ostensibly compromised during the May 2023 ... Read more
-
Palo Alto Networks Blog
Cloud Security — Maturing Past the Awkward Teenage Years
Nathaniel Quist – Cloud Security The genesis of cloud computing can be traced back to the 1960s concept of utility computing, but it came into its own with the launch of Amazon Web Services (AWS) in 2 ... Read more
-
Palo Alto Networks Blog
The Top 5 Largest Scale Intrusions in 2023
What Powered Them? Large-scale cyber intrusions increased during 2023, exploiting vulnerabilities in web applications and internet-facing software. Attackers favored this attack vector even more than ... Read more
-
Cybersecurity News
SSN, Banking Details at Risk in Major Texas Credit Union Breach
The largest credit union in Texas, Texas Dow Employees Credit Union (TDECU), has reported a significant data breach affecting more than 500,000 individuals. The incident may have compromised Social Se ... Read more
-
The Cyber Express
SEC Won’t Bring Charges Against Progress Software Over MOVEit Supply Chain Attack
In a surprising move, the U.S. Securities and Exchange Commission (SEC) has decided not to bring charges against Progress Software over last year’s MOVEit software supply chain attack that exposed the ... Read more
-
Cyber Security News
New MOVEit File Transfer Vulnerability Let Attackers Escalate Privileges
Progress Software has disclosed a new high-severity vulnerability in its MOVEit Transfer file transfer solution that could allow attackers to escalate privileges through improper authentication. The v ... Read more
-
huntress.com
MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response | Huntress
UPDATED: 1 June 2023 @ 1733 ET - Added shareable Huntress YARA rule for assistance in detection effortUPDATED: 1 June 2023 @ 2023 ET - Added Kostas community Sigma rule to assist in detection effortsU ... Read more
-
New Jetpack Site
Gravi vulnerabilità in MOVEit
N240626 CERT-Yoroi informa che sono state rese note due gravi vulnerabilità sui prodotti Progress MOVEit Transfer e MOVEit Gateway che consentono ad utenti malintenzionati di eseguire bypass authentic ... Read more
-
curatedintel.org
CL0P likes to MOVEit MOVEit
CL0P likes to MOVEit MOVEit BackgroundFor the last couple of years, the threat actors associated with the CL0P ransomware group have occasionally ditched encryption in favour of exploiting file transf ... Read more
The following table lists the changes that have been made to the
CVE-2023-34362 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Aug. 14, 2024
Action Type Old Value New Value -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jul. 03, 2024
Action Type Old Value New Value Added CWE CISA-ADP CWE-89 Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H -
Modified Analysis by [email protected]
Jun. 27, 2024
Action Type Old Value New Value Changed Reference Type http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html No Types Assigned http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html Exploit, Third Party Advisory, VDB Entry Changed CPE Configuration OR *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions up to (excluding) 14.0.5.45 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 14.1.0.0 up to (excluding) 14.1.6.97 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 15.0.0.0 up to (excluding) 15.0.2.39 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions up to (including) 2020.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.0 up to (excluding) 2021.0.7 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.1.0 up to (excluding) 2021.1.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.0.0 up to (excluding) 2022.0.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.1.0 up to (excluding) 2022.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2023.0.0 up to (excluding) 2023.0.2 OR *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions up to (excluding) 14.0.5.45 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 14.1.0.0 up to (excluding) 14.1.6.97 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 15.0.0.0 up to (excluding) 15.0.2.39 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions up to (excluding) 2021.0.7 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.1.0 up to (excluding) 2021.1.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.0.0 up to (excluding) 2022.0.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.1.0 up to (excluding) 2022.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2023.0.0 up to (excluding) 2023.0.2 -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
Jun. 23, 2023
Action Type Old Value New Value Added Reference http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html [No Types Assigned] -
Modified Analysis by [email protected]
Jun. 20, 2023
Action Type Old Value New Value Changed Reference Type http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html No Types Assigned http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html Third Party Advisory, VDB Entry -
CVE Modified by [email protected]
Jun. 14, 2023
Action Type Old Value New Value Added Reference http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html [No Types Assigned] -
Initial Analysis by [email protected]
Jun. 12, 2023
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 No Types Assigned https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 Vendor Advisory Added CWE NIST CWE-89 Added CPE Configuration OR *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions up to (excluding) 14.0.5.45 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 14.1.0.0 up to (excluding) 14.1.6.97 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 15.0.0.0 up to (excluding) 15.0.2.39 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions up to (including) 2020.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.0 up to (excluding) 2021.0.7 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.1.0 up to (excluding) 2021.1.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.0.0 up to (excluding) 2022.0.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.1.0 up to (excluding) 2022.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2023.0.0 up to (excluding) 2023.0.2 -
CVE Modified by [email protected]
Jun. 05, 2023
Action Type Old Value New Value Changed Description In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-34362 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-34362
weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
96.94 }} -0.06%
score
0.99771
percentile