Known Exploited Vulnerability
9.8
CRITICAL
CVE-2023-34362
Progress MOVEit Transfer SQL Injection Vulnerabili - [Actively Exploited]
Description

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.

INFO

Published Date :

June 2, 2023, 2:15 p.m.

Last Modified :

Aug. 14, 2024, 3:37 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.

Required Action :

Apply updates per vendor instructions.

Notes :

This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023.

Public PoC/Exploit Available at Github

CVE-2023-34362 has a 33 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2023-34362 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Progress moveit_transfer
2 Progress moveit_cloud
: Total Affected Vendor : 1 | Products : 2
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-34362.

URL Resource
http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html Exploit Third Party Advisory VDB Entry
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
aditibv/MOVEit-CVE-2023-34362

This repository investigates the exploitation of CVE-2023-34362 in the MOVEit file transfer server by the TA505 (Cl0p) ransomware group. It explores the group's tactics and past campaigns targeting file transfer applications, aiming to enhance understanding and defensive measures against such threats.

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : July 4, 2024, 9:13 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
glen-pearson/MoveIT-CVE-2023-34362-RCE

Modified RCE with a remote shell and logging

Ruby Lua

Updated: 2 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : June 28, 2024, 5:13 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
0xMarcio/cve

Latest CVEs with their Proof of Concept exploits.

Python

Updated: 1 week, 3 days ago
5 stars 1 fork 1 watcher
Born at : May 24, 2024, 11:02 a.m. This repo has been linked 78 different CVEs too.
Profile Photo
liam-ng/fluffy-computing-machine

Cybersecurity Breaches for Payment Industry (Billtrust & Fiserv)

Updated: 7 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Jan. 24, 2024, 2:40 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
most-e/Capstone

None

Updated: 8 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Jan. 10, 2024, 5:31 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
whitfieldsdad/cisa_kev

A wildly opinionated Python 3 library for working with the CISA Known Exploited Vulnerabilities (KEV) catalog

Python Makefile

Updated: 2 months, 4 weeks ago
3 stars 0 fork 0 watcher
Born at : Jan. 9, 2024, 5:51 p.m. This repo has been linked 11 different CVEs too.
Profile Photo
Chinyemba-ck/MOVEit-CVE-2023-34362

A video presentation analysing the technical details, scale and lessons to be learned from the MOVEit CVE-2023=3462(CS50 Introduction to Cyber Security Finale Project)

Updated: 8 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Jan. 1, 2024, 12:55 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
PudgyDragon/IOCs

Repository of IOCs that can be pulled into tools.

Python PowerShell YARA

Updated: 2 weeks, 6 days ago
1 stars 0 fork 0 watcher
Born at : Dec. 12, 2023, 1:50 p.m. This repo has been linked 6 different CVEs too.
Profile Photo
UNC1739/awesome-vulnerability-research

None

Updated: 7 months, 3 weeks ago
2 stars 0 fork 0 watcher
Born at : Oct. 13, 2023, 4:05 p.m. This repo has been linked 19 different CVEs too.
Profile Photo
nitish778191/fitness_app

None

Updated: 1 month, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Sept. 4, 2023, 6:14 a.m. This repo has been linked 25 different CVEs too.
Profile Photo
jake-44/Research

Research conducted involving security vulnerabilities, incidents, emerging technology, current events, and more.

Updated: 9 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Sept. 2, 2023, 1:31 p.m. This repo has been linked 11 different CVEs too.
Profile Photo
errorfiathck/MOVEit-Exploit

an exploit of POC for CVE-2023-34362 affecting MOVEit Transfer

exploit kali-linux moveit python python3

Python

Updated: 8 months, 1 week ago
2 stars 0 fork 0 watcher
Born at : Aug. 31, 2023, 1:25 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
CharonDefalt/printer-exploit-toronto

None

Python

Updated: 9 months, 1 week ago
1 stars 0 fork 0 watcher
Born at : Aug. 11, 2023, 7:15 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
horizon3ai/CVE-2023-26067

Lexmark CVE-2023-26067

Python

Updated: 2 months ago
22 stars 5 fork 5 watcher
Born at : Aug. 7, 2023, 8:55 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
BenjiTrapp/cisa-known-vuln-scraper

Scraper for daily renewal of the Known Exploited Vulnerabilities Catalog by CISA

cisa cisa-kev github-actions known-vuln vulnerability-management

Jupyter Notebook Dockerfile Shell

Updated: 1 week, 4 days ago
5 stars 0 fork 0 watcher
Born at : July 23, 2023, 4:30 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-34362 vulnerability anywhere in the article.

  • Cybersecurity News
SSN, Banking Details at Risk in Major Texas Credit Union Breach

The largest credit union in Texas, Texas Dow Employees Credit Union (TDECU), has reported a significant data breach affecting more than 500,000 individuals. The incident may have compromised Social Se ... Read more

Published Date: Aug 28, 2024 (3 weeks ago)
CVE-2024-43202 CVE-2024-38063 CVE-2024-27793 CVE-2023-45614 CVE-2023-34362
  • The Cyber Express
SEC Won’t Bring Charges Against Progress Software Over MOVEit Supply Chain Attack

In a surprising move, the U.S. Securities and Exchange Commission (SEC) has decided not to bring charges against Progress Software over last year’s MOVEit software supply chain attack that exposed the ... Read more

Published Date: Aug 08, 2024 (1 month, 1 week ago)
CVE-2024-5806 CVE-2023-34362
  • Cyber Security News
New MOVEit File Transfer Vulnerability Let Attackers Escalate Privileges

Progress Software has disclosed a new high-severity vulnerability in its MOVEit Transfer file transfer solution that could allow attackers to escalate privileges through improper authentication. The v ... Read more

Published Date: Jul 30, 2024 (1 month, 2 weeks ago)
CVE-2024-6576 CVE-2023-34362
  • huntress.com
MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response | Huntress

UPDATED: 1 June 2023 @ 1733 ET - Added shareable Huntress YARA rule for assistance in detection effortUPDATED: 1 June 2023 @ 2023 ET - Added Kostas community Sigma rule to assist in detection effortsU ... Read more

Published Date: Jul 08, 2024 (2 months, 1 week ago)
CVE-2023-35036 CVE-2023-34362
  • curatedintel.org
CL0P likes to MOVEit MOVEit

CL0P likes to MOVEit MOVEit BackgroundFor the last couple of years, the threat actors associated with the CL0P ransomware group have occasionally ditched encryption in favour of exploiting file transf ... Read more

Published Date: Jun 08, 2023 (1 year, 3 months ago)
CVE-2023-34362

The following table lists the changes that have been made to the CVE-2023-34362 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Aug. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 03, 2024

    Action Type Old Value New Value
    Added CWE CISA-ADP CWE-89
    Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Modified Analysis by [email protected]

    Jun. 27, 2024

    Action Type Old Value New Value
    Changed Reference Type http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html No Types Assigned http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html Exploit, Third Party Advisory, VDB Entry
    Changed CPE Configuration OR *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions up to (excluding) 14.0.5.45 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 14.1.0.0 up to (excluding) 14.1.6.97 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 15.0.0.0 up to (excluding) 15.0.2.39 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions up to (including) 2020.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.0 up to (excluding) 2021.0.7 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.1.0 up to (excluding) 2021.1.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.0.0 up to (excluding) 2022.0.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.1.0 up to (excluding) 2022.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2023.0.0 up to (excluding) 2023.0.2 OR *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions up to (excluding) 14.0.5.45 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 14.1.0.0 up to (excluding) 14.1.6.97 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 15.0.0.0 up to (excluding) 15.0.2.39 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions up to (excluding) 2021.0.7 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.1.0 up to (excluding) 2021.1.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.0.0 up to (excluding) 2022.0.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.1.0 up to (excluding) 2022.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2023.0.0 up to (excluding) 2023.0.2
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Jun. 23, 2023

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html [No Types Assigned]
  • Modified Analysis by [email protected]

    Jun. 20, 2023

    Action Type Old Value New Value
    Changed Reference Type http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html No Types Assigned http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html Third Party Advisory, VDB Entry
  • CVE Modified by [email protected]

    Jun. 14, 2023

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html [No Types Assigned]
  • Initial Analysis by [email protected]

    Jun. 12, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 No Types Assigned https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 Vendor Advisory
    Added CWE NIST CWE-89
    Added CPE Configuration OR *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions up to (excluding) 14.0.5.45 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 14.1.0.0 up to (excluding) 14.1.6.97 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 15.0.0.0 up to (excluding) 15.0.2.39 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions up to (including) 2020.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.0 up to (excluding) 2021.0.7 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.1.0 up to (excluding) 2021.1.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.0.0 up to (excluding) 2022.0.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.1.0 up to (excluding) 2022.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2023.0.0 up to (excluding) 2023.0.2
  • CVE Modified by [email protected]

    Jun. 05, 2023

    Action Type Old Value New Value
    Changed Description In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-34362 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-34362 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

97.04 }} -0.06%

score

0.99798

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: