On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data.

Unit 42 Incident Response has several ongoing investigations where the initial point of compromise appears to be the exploitation of CVE-2023-34362. In all cases the vulnerability was being exploited to upload a web shell onto the MOVEit Transfer server. The web shell also allowed threat actors to enumerate files and folders on the MOVEit Transfer server, read configuration information, download files, and create or delete MOVEit server user accounts. Although details are still being uncovered, the earliest evidence of exploitation is May 27.

We will provide unique indicators of compromise (IoCs) observed by Unit 42, as well as IoCs we have observed that have also been reported by other researchers, to highlight the reuse of infrastructure across victim organizations.

Palo Alto Networks Xpanse indicates there are at least 2,377 MOVEit servers exposing HTTP/HTTPS traffic over ports 80 and 443. This does not indicate whether the servers have been patched and it does not include servers running the web service over non-standard ports.

Progress Software has provided mitigation guidance that all MOVEit Transfer customers should seriously consider following. Palo Alto Networks customers receive protections from and mitigations for CVE-2023-34362 in the following ways: