PT-2023-3085 · Progress · Moveit Transfer
Published 2023-05-31 · Updated 2026-05-06 · CVE-2023-34362
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Progress MOVEit Transfer contains a SQL injection vulnerability that allows unauthenticated access to the database. It affects versions before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1). All versions before the listed versions are affected, including older unsupported versions.
Exploitation allows an attacker to gain access to the MOVEit Transfer database, infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. The vulnerability was exploited in the wild in May and June 2023, and unpatched systems can be exploited via HTTP or HTTPS.
Over 2,000 organizations and 60 million users have been impacted by this vulnerability, with the Clop ransomware gang being one of the groups exploiting it. The vulnerability has been used to steal sensitive employee information, including names, email addresses, phone numbers, and organizational structures.
A public exploit is available, and several security firms have released advisories and detection tools to help organizations identify and mitigate the vulnerability.
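An added example (not part of the original advisory or any Progress tooling) that checks an installed version against the fixed versions listed above. It assumes each listed version is the fixed build of its own release branch, so 14.1.2 is affected even though it is numerically higher than 14.0.4; the hostnames and inventory are constructed.

```python
import re

# Fixed patch level per release branch, taken from the description above.
# Keys are internal (major, minor); marketing names are in the comments.
FIXED_PATCH = {
    (13, 0): 6,  # 2021.0.6
    (13, 1): 4,  # 2021.1.4
    (14, 0): 4,  # 2022.0.4
    (14, 1): 5,  # 2022.1.5
    (15, 0): 1,  # 2023.0.1
}
OLDEST, NEWEST = min(FIXED_PATCH), max(FIXED_PATCH)


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for a MOVEit Transfer version."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(g) for g in m.groups())
    if major >= 2000:
        # Marketing form. 2021->13, 2022->14, 2023->15 are on the page;
        # applying the same offset to other years is an assumption.
        major -= 2008
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return "affected" if patch < FIXED_PATCH[branch] else "fixed"
    if branch < OLDEST:
        return "affected"  # older unsupported versions are listed as affected
    if branch > NEWEST:
        return "fixed"     # assumption: later branches ship with the fix
    return "unknown"       # branch not named in the advisory: check manually


# Constructed inventory; hostnames and versions are made up for the example.
INVENTORY = {
    "mft-01": "14.1.2",
    "mft-02": "2022.0.4",
    "mft-03": "12.1.8",
    "mft-04": "15.0.1.0",
}


def audit(inventory: dict) -> dict:
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}\t{INVENTORY[host]}\t{status}")
```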
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Moveit Transfer