CVE-2023-34362
Description
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
Severity: CRITICAL
CVE ID: CVE-2023-34362
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-34362
Refrence: Project Discovery GitHub
deepinstinct
CVE-2023-34362-IOCs. More information on Deep Instinct's blog site.
Refrence: GitHub
horizon3ai
MOVEit CVE-2023-34362
Refrence: GitHub
sfewer-r7
CVE-2023-34362: MOVEit Transfer Unauthenticated RCE
Refrence: GitHub
kenbuckler
Repository with everything I have tracking the impact of MOVEit CVE-2023-34362
Refrence: GitHub
Malwareman007
POC for CVE-2023-34362 affecting MOVEit Transfer
Refrence: GitHub
toorandom
This shellscript given the OrgKey 0 will parse the header of the base64 artifacts found in MOVEit Logs and decrypt the Serialized object used a payload
Refrence: GitHub
errorfiathck
an exploit of POC for CVE-2023-34362 affecting MOVEit Transfer
Refrence: GitHub
Chinyemba-ck
A video presentation analysing the technical details, scale and lessons to be learned from the MOVEit CVE-2023=3462(CS50 Introduction to Cyber Security Finale Project)
Refrence: GitHub
Content on GitHub
lithuanian-g | watchers:0
cve-2023-34362-iocs
CSV File Containing CVE-2023-34362 IOCs
Refrence: GitHub