Rapid7 Vulnerability & Exploit Database

Progress MOVEit Transfer Critical Vulnerability (CVE-2023-34362): Privilege Escalation and Unauthorized Access (Remote)

Free InsightVM Trial No credit card necessary
Watch Demo See how it all works
Back to Search

Progress MOVEit Transfer Critical Vulnerability (CVE-2023-34362): Privilege Escalation and Unauthorized Access (Remote)

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
05/31/2023
Created
06/07/2023
Added
06/07/2023
Modified
06/21/2023

Description

Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. This check remotely interacts with the MOVEit Transfer API to detect versions to assess vulnerability.

Solution(s)

  • progress-moveit-transfer-critical-may-2023

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;