Help CenterWhat is the MOVEit Vulnerability (CVE-2023-34362)?
The MOVEit Vulnerability (CVE-2023-34362) is a SQL injection vulnerability that has been found in the MOVEit Transfer web application. It could allow an unauthenticated attacker to gain access to MOVEit Transfer's database.
Common Mitigations
- Grant admin privileges and access only when necessary, establishing a software allow list that only executes legitimate applications.
- Monitor network ports, protocols, and services, activating security configurations on network infrastructure devices such as firewalls and routers.
- Regularly patch and update software and applications to their latest versions, and conduct regular vulnerability assessments.
ThreatLocker Recommendations
ThreatLocker recommends Ringfencing both MOVEit and IIS from the internet, preventing it from accessing the following IP addresses:
- 138.197.152 [.]201
- 209.97.137 [.]33
- 5.252.191 [.]0/24
- 148.113.152 [.]144
- 89.39.105.108
In addition to Ringfencing, ThreatLocker recommends creating a Network Control policy to deny all incoming traffic on ports 80 and 443 until the patch for CVE-2023-34362 can be applied.
Finally, ThreatLocker recommends creating a Storage Control policy which prevents writing the file named human2.aspx by any application.
External Resources
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a