

CVE-2023-34362 was publicly disclosed on May 31, 2023, by Progress Software. However, it had been exploited in the wild for several weeks before disclosure. The Cl0p ransomware group was one of the first attackers to exploit CVE-2023-34362, using it to steal data from many high-profile organizations.
The vulnerability is a SQL injection flaw that allows an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.
The exploitation of CVE-2023-34362 has had significant impacts. Victims of Cl0p's May 2023 exploitation of the vulnerability included a major telecommunications company and a large financial services firm. In June 2023, a healthcare provider was forced to shut down its systems after being attacked through CVE-2023-34362. In July 2023, organizations connected to government agencies were compromised through CVE-2023-34362, and sensitive data was stolen.
As of November 2023, the vulnerability has been widely exploited in the wild against numerous organizations. Despite the release of a patch for CVE-2023-34362 on June 16, 2023, the vulnerability continues to plague organizations.
Even with a patch available, CVE-2023-34362 remains a significant concern for defenders. The vulnerability allows unauthenticated attackers to inject malicious code into MOVEit Transfer servers, potentially leading to significant data breaches, loss of sensitive information, and severe disruption of services.
Furthermore, systems that were compromised before the patch was applied may still be at risk afterwards: patching alone is insufficient to address access that a threat actor may already have to those systems.
In addition, since the release of a patch for CVE-2023-34362, two additional SQL injection vulnerabilities (CVE-2023-35036 and CVE-2023-35708) have been discovered in MOVEit Transfer, both deemed critical by Progress Software. While they may not have as large an impact as CVE-2023-34362, since their exploitation in the wild doesn’t seem to be as widespread, they still pose a significant risk.