MOVEit Transfer Vulnerability - CVE-2023-34362
Incident Report for Rapid Response Status Page
Resolved
Over the last few days, Team Axon has been researching the recently published MOVEit Transfer vulnerability, CVE-2023-34362. This is a SQL injection vulnerability that allows an unauthenticated attacker to gain read and write access to MOVEit Transfer’s database, which can ultimately allow the attacker to deploy a webshell backdoor on the impacted server to gain wider access.

The vulnerability affects MOVEit Transfer versions before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1). For more technical information, see the Progress Community article: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

It is highly recommended to follow the suggested mitigations in the article in order to prevent successful exploitation.

The team scanned customers’ environments to identify active MOVEit appliances and successful exploitations. Relevant impacted customers will be notified directly.
Check the Rapid Response Git repository for the relevant IOCs and a visibility query based on Hunters schemas:
IOCs - https://github.com/axon-git/rapid-response/blob/main/CVE-2023-34362/moveit_vulnerability_iocs.json
Visibility query - https://github.com/axon-git/rapid-response/blob/main/CVE-2023-34362/moveit_edr_visibility_query.sql

Feel free to reach out to the team with any questions regarding the threat.

Sincerely,
Team Axon
Posted Jun 05, 2023 - 15:07 UTC
This incident affected: Rapid Response.