Link Search Menu Expand Document

MOVEit Transfer CVE-2023-34362

Affected product: [ipswith Manager File Transfer] (https://www.ipswitch.com/moveit)

Impact: Allow adversary to install a webshell backdoor and perform remote actions on victim’s machine Thousands organizations use MOVEit.

CVE-ID: CVE-2023-34362 , CVE-2023-35036, and CVE-2023-35708

Disclosure date: 2023 05 31

Recommended action:

  1. Disable all HTTP and HTTPs traffic to your MOVEit Transfer environment
  2. Review, Delete and Reset
  3. Apply the Patch

Noteworthy: Estimated 2500+ instances exposed, 150+ Clop ransom attacks, 16M+ people’s data exposed

References

[CVE-2023-34362] (https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023) CISA Advisory for MOVEit Transfer