Zero-Day Alert: CVE-2023-34362 – SQLi Vulnerability in MOVEit Transfer Web Application

Image: CVE-2023-34362 (credit: Huntress)

In an increasingly interconnected world, the importance of securing data has never been more pertinent. In the shadows of our digital landscapes, zero-day vulnerabilities often lurk, waiting to be exploited. Today, we cast a spotlight on one such newly identified vulnerability – CVE-2023-34362 – a SQL injection vulnerability in the MOVEit Transfer web application.

MOVEit Transfer, a popular tool in the realm of managed file transfers, has been under siege. Unauthenticated attackers have been leveraging a SQL injection vulnerability found in versions before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1). This vulnerability grants them potential access to the MOVEit Transfer database – a veritable treasure trove of sensitive information.
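The fixed versions above are the first thing a defender needs when triaging an estate, and comparing version strings by hand is error-prone (MOVEit reports both a year-style and an internal number-style version). The following is an added example, not code from the original alert, from Progress, or from Huntress; it classifies version strings against the fixed releases listed above. The inventory hostnames and versions are constructed, and the "unlisted" bucket for branches newer than the advisory covers is this example's own convention, not the vendor's.

```python
"""Added example (not from the original alert, Progress, or Huntress): classify
MOVEit Transfer version strings against the fixed releases the advisory lists for
CVE-2023-34362, so an inventory can be triaged before patching."""
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the advisory. Both version schemes MOVEit uses
# (year form such as 2022.1.5 and internal form such as 14.1.5) are keyed here.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (2021, 0): (2021, 0, 6), (13, 0): (13, 0, 6),
    (2021, 1): (2021, 1, 4), (13, 1): (13, 1, 4),
    (2022, 0): (2022, 0, 4), (14, 0): (14, 0, 4),
    (2022, 1): (2022, 1, 5), (14, 1): (14, 1, 5),
    (2023, 0): (2023, 0, 1), (15, 0): (15, 0, 1),
}


def parse_version(text: str) -> Version:
    """Parse 'YYYY.m.p[.build]' or 'NN.m.p[.build]' into a comparable 3-tuple."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable MOVEit version: {text!r}")
    nums = tuple(int(p) for p in parts[:3])
    return (nums + (0, 0, 0))[:3]  # pad 'YYYY.m' to three components


def _scheme_bounds(branch: Tuple[int, int]) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Oldest and newest listed branch in the same scheme (year vs internal)."""
    same_scheme = [b for b in FIXED_VERSIONS if (b[0] >= 2000) == (branch[0] >= 2000)]
    return min(same_scheme), max(same_scheme)


def assess(text: str) -> str:
    """Return 'vulnerable', 'fixed', or 'unlisted' for one version string."""
    v = parse_version(text)
    branch = v[:2]
    oldest, newest = _scheme_bounds(branch)
    if branch in FIXED_VERSIONS:
        return "vulnerable" if v < FIXED_VERSIONS[branch] else "fixed"
    if branch < oldest:
        # Everything before the oldest fixed release (2021.0.6 / 13.0.6) is in
        # scope of the advisory, so an older branch is treated as vulnerable.
        return "vulnerable"
    # Newer than any branch the advisory names: check against the vendor.
    return "unlisted"


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hostnames by assessment; input is a list of (host, version) pairs."""
    result: Dict[str, List[str]] = {"vulnerable": [], "fixed": [], "unlisted": []}
    for host, version in inventory:
        result[assess(version)].append(host)
    return result


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("mft-01.example", "2022.1.4"),    # one patch level below the fix
    ("mft-02.example", "14.1.5.97"),   # fixed, with a build suffix
    ("mft-03.example", "2020.1.8"),    # branch older than any listed fix
    ("mft-04.example", "15.0.0"),      # internal-form version below 15.0.1
    ("mft-05.example", "2023.1.0"),    # branch newer than the advisory lists
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Versions with a non-numeric component raise rather than being silently bucketed, which is the safer failure for an inventory script: a host whose version cannot be parsed should be looked at, not assumed patched.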

Depending on the database engine in use (MySQL, Microsoft SQL Server, or Azure SQL), these cyber bandits may gain insights into the structure and contents of the database. They can also execute SQL statements that manipulate, alter, or even delete crucial database elements. The threat of exploitation over HTTP or HTTPS looms large over unpatched systems.

Image credit: Huntress

According to Huntress and Rapid7, an alarming 2,500 instances of MOVEit Transfer were exposed to the public internet as of May 31, 2023. The majority of these exposed instances were found in the U.S., raising significant cybersecurity concerns.

In response to this revelation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) was quick to issue an alert. It urged all users and organizations using MOVEit Transfer to follow specific mitigation steps to guard against potential malicious activity.

Among the advised steps, isolating the MOVEit Transfer servers is of utmost importance. Blocking both inbound and outbound traffic can significantly curtail the scope of potential attacks. Rigorous inspection of environments for possible indicators of compromise (IoCs) is also essential, and it is recommended to delete any identified IoCs before applying the necessary fixes.

The discovery of CVE-2023-34362 serves as yet another reminder of the constant threats that shadow our digital world. Uncovered in the wild in May and June 2023, this SQL injection vulnerability in the MOVEit Transfer web application underscores the persistent cybersecurity risks we face.