What is CVE-2023-34362?
Note: This announcement was originally made on June 5th and updated July 31st.
CVE-2023-34362 is an SQL injection (SQLi) vulnerability that has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.
SQL Injection (SQLi) poses significant risks as it allows attackers to potentially steal, manipulate, or delete sensitive data from databases. Furthermore, SQLi vulnerabilities can also lead to Remote Code Execution (RCE), enabling attackers to execute malicious code and compromise the affected system.
According to the advisory released by Progress, depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL) the attacker has the potential to infer information about the structure and contents of the database, in addition to executing SQL statements that can modify or delete elements within the database.
Is CVE-2023-34362 exploited in the wild?
According to reports, CVE-2023-34362 was exploited in the wild in May and June 2023. Note that unpatched systems can be exploited via HTTP or HTTPS. At this point, there is no PoC or documented exploit for this CVE. IONIX research is tracking the development of this zero-day vulnerability and will update on any changes.
Which version of MOVEit Transfer has been impacted?
All MOVEit Transfer versions are affected by this vulnerability. The software has been updated with fixed versions (refer to the table below), and it is crucial to promptly apply the provided patches.
| Affected Version | Fixed Version | Documentation |
|---|---|---|
| MOVEit Transfer 2023.0.0 (15.0) | MOVEit Transfer 2023.0.1 | MOVEit 2023 Upgrade Documentation |
| MOVEit Transfer 2022.1.x (14.1) | MOVEit Transfer 2022.1.5 | MOVEit 2022 Upgrade Documentation |
| MOVEit Transfer 2022.0.x (14.0) | MOVEit Transfer 2022.0.4 | |
| MOVEit Transfer 2021.1.x (13.1) | MOVEit Transfer 2021.1.4 | MOVEit 2021 Upgrade Documentation |
| MOVEit Transfer 2021.0.x (13.0) | MOVEit Transfer 2021.0.6 | |
| MOVEit Transfer 2020.1.x (12.1) | Special Patch Available | See KB 000234559 |
| MOVEit Transfer 2020.0.x (12.0) or older | MUST upgrade to a supported version | See MOVEit Transfer Upgrade and Migration Guide |
| MOVEit Cloud | MOVEit Transfer 184.108.40.206, MOVEit Transfer 220.127.116.11 (all MOVEit Cloud systems are fully patched at this time) | Cloud Status Page |
How big is the risk from the MOVEit Transfer Vulnerability?
IONIX Research conducted non-intrusive scans to identify assets that are at risk from CVE-2023-34362 across our customer base and our database of enterprises. Our findings showed that less than 3% of the organizations have publicly exposed assets running MOVEit Transfer that could potentially be vulnerable to CVE-2023-34362.
While the vulnerability is exploited in the wild, until there is a documented exploit PoC it is hard to assess the complexity and success rate of exploitation. For this reason, the EPSS score of CVE-2023-34362 is 0.18 (on a scale of 0 to 1), positioning it within the 86th percentile of CVE vulnerabilities. For comparison, issues that are classified by the IONIX research team as immediately exploitable (e.g., Log4Shell) have EPSS scores very close to 1.
If and when a PoC is published the situation may become critical in an instant.
Accelerating mitigation of CVE-2023-34362
The best practice is to patch every component that is potentially vulnerable to the MOVEit Transfer CVE. The first step requires you to identify every such asset across your attack surface and its digital supply chain.
Here are the steps:
- Conduct an attack surface discovery
- Map your digital supply chain: list all internal and digital supply chain assets that may be vulnerable to CVE-2023-34362
- Identify owners of these assets within your organization
- Mobilize patching to ensure your assets and organizations are safe
- Stay tuned for developments from IONIX Research and the community
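The version check behind the steps above, as an added example that is not IONIX's or Progress's code: a Python triage script that assesses each MOVEit Transfer version in an asset inventory against the fixed-version table from the advisory. The hostnames and versions in the sample inventory are constructed, and only on-premises "YYYY.minor.patch" version strings are handled.

```python
"""Triage a MOVEit Transfer inventory against the CVE-2023-34362 fixed versions."""
import re

# Fixed version per release branch, taken from the advisory table:
# (year, minor) -> (year, minor, patch). 2020.1.x received a special patch and
# 2020.0.x or older must be upgraded, so those branches have no fixed version.
FIXED_VERSIONS = {
    (2023, 0): (2023, 0, 1),
    (2022, 1): (2022, 1, 5),
    (2022, 0): (2022, 0, 4),
    (2021, 1): (2021, 1, 4),
    (2021, 0): (2021, 0, 6),
}
# Accept "2022.1.5" and tolerate a trailing build number such as "2022.1.5.123".
VERSION_RE = re.compile(r"^(\d{4})\.(\d+)\.(\d+)(?:\.\d+)?$")


def parse_version(text):
    """Parse a MOVEit Transfer version string into a (year, minor, patch) tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised MOVEit Transfer version: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Return (status, note) for one version: patched, vulnerable or unknown."""
    year, minor, patch = parse_version(version_text)
    branch = (year, minor)
    if branch in FIXED_VERSIONS:
        fixed = ".".join(str(n) for n in FIXED_VERSIONS[branch])
        if (year, minor, patch) >= FIXED_VERSIONS[branch]:
            return "patched", f"at or above {fixed}"
        return "vulnerable", f"upgrade to {fixed}"
    if branch == (2020, 1):
        return "vulnerable", "apply special patch (see KB 000234559)"
    if branch < (2020, 1):
        return "vulnerable", "unsupported release: upgrade to a supported version"
    return "unknown", "branch not in advisory table; verify manually"


def triage(inventory):
    """Map [(hostname, version), ...] to [(hostname, version, status, note), ...]."""
    return [(host, ver, *assess(ver)) for host, ver in inventory]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("mft-01.example.test", "2023.0.0"),
    ("mft-02.example.test", "2022.1.5"),
    ("mft-03.example.test", "2021.0.3"),
    ("mft-04.example.test", "2020.1.6"),
    ("mft-05.example.test", "2019.0.2"),
]

if __name__ == "__main__":
    for host, ver, status, note in triage(SAMPLE_INVENTORY):
        print(f"{host:22} {ver:10} {status:11} {note}")
```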
If you require assistance in identifying relevant assets and determining whether MOVEit is directly or indirectly impacting them (e.g., through their digital supply chain), ask us for an automated scan today.