⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions. Due date: 2023-06-23.
CVE-2023-34362 — MOVEit: SQL Injection in Progress MOVEit Transfer
Severity
9.8 CRITICAL (NVD)
EPSS
94.3%
top 0.07%
CISA KEV
KEV, Ransomware
Added 2023-06-02
Due 2023-06-23
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Jun 2
KEV added: Jun 2
KEV due: Jun 23
Latest update: Jan 7
Description
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and exe…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 11 packages
🔴 Vulnerability Details (3)
💥 Exploits & PoCs (1)
Nuclei: MOVEit Transfer - Remote Code Execution
🔍 Detection Rules (14)
Suricata: ET WEB_SPECIFIC_APPS MOVEit File Transfer - Trigger SQL Injection via guestaccess.aspx - CVE-2023-34362 Stage 2 (2023-06-12)
Suricata: ET WEB_SPECIFIC_APPS MOVEit File Transfer - Successful Folder Request - CVE-2023-34362 Stage 4 (2023-06-12)
Suricata: ET WEB_SPECIFIC_APPS MOVEit File Transfer - Set Session Variables - SQLi Payload Creation - CVE-2023-34362 Stage 5a (2023-06-12)
Suricata: ET WEB_SPECIFIC_APPS MOVEit File Transfer - Payload Trigger Request - CVE-2023-34362 Stage 5b (2023-06-12)
Suricata: ET WEB_SPECIFIC_APPS MOVEit File Transfer - CSRF Token Request on guestaccess.aspx - CVE-2023-34362 Stage 1b (2023-06-12)