CVE-2023-34362:SQL Injection vulnerability in Progress MOVEit Transfer allows unauthenticated attackers to access and manipulate the database.

splash
Back

Description Preview

A critical SQL injection vulnerability (CVE-2023-34362) has been discovered in Progress MOVEit Transfer versions prior to specific security patches. This vulnerability allows unauthenticated attackers to gain unauthorized access to the MOVEit Transfer's database. Depending on the database engine in use (MySQL, Microsoft SQL Server, or Azure SQL), attackers can potentially extract database structure information, view sensitive contents, and execute malicious SQL statements that could alter or delete database elements. This vulnerability has been actively exploited in the wild during May and June 2023, with attacks possible via both HTTP and HTTPS protocols.

Overview

CVE-2023-34362 is a SQL injection vulnerability (CWE-89) affecting Progress MOVEit Transfer web application. The vulnerability impacts all versions before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), including older unsupported versions. This vulnerability is particularly severe as it:

  1. Requires no authentication to exploit
  2. Provides direct access to the underlying database
  3. Allows attackers to potentially view, modify, or delete database content
  4. Has been actively exploited in the wild
  5. Can be exploited through both encrypted (HTTPS) and unencrypted (HTTP) connections

The vulnerability has been associated with widespread attacks against organizations using MOVEit Transfer, resulting in data breaches and system compromises.

Remediation

Organizations using MOVEit Transfer should take the following actions immediately:

  1. Update to the patched versions:

    • Version 2021.0.6 (13.0.6) or later
    • Version 2021.1.4 (13.1.4) or later
    • Version 2022.0.4 (14.0.4) or later
    • Version 2022.1.5 (14.1.5) or later
    • Version 2023.0.1 (15.0.1) or later

  2. If immediate patching is not possible:

    • Consider temporarily disconnecting MOVEit Transfer from the internet
    • Implement additional network security controls to restrict access
    • Monitor systems for indicators of compromise

  3. Post-update actions:

    • Review database logs for suspicious activity
    • Check for unauthorized user accounts or modifications
    • Verify data integrity
    • Consider changing database credentials

  4. For systems that may have been compromised:

    • Conduct a thorough forensic investigation
    • Restore from known good backups if necessary
    • Follow breach notification requirements if data exposure occurred

References

  1. Vendor Advisory: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
  2. Technical Analysis and Exploit Information: http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html
  3. Additional Exploit Details: http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html
  4. CWE-89: SQL Injection: https://cwe.mitre.org/data/definitions/89.html

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  2. Accommodation & Food Services: Low
    Accommodation & Food Services
  3. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  4. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  5. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  6. Construction: Low
    Construction
  7. Educational Services: Low
    Educational Services
  8. Finance and Insurance: Low
    Finance and Insurance
  9. Information: Low
    Information
  10. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  11. Manufacturing: Low
    Manufacturing
  12. Mining: Low
    Mining
  13. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  15. Public Administration: Low
    Public Administration
  16. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  17. Retail Trade: Low
    Retail Trade
  18. Transportation & Warehousing: Low
    Transportation & Warehousing
  19. Utilities: Low
    Utilities
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background