PAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708)
Informational
Description
The Palo Alto Networks Product Security Assurance team has evaluated the recently disclosed critical Structured Query Language injection (SQLi) vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) in the MOVEit Transfer product. Palo Alto Networks does not use MOVEit Transfer and is not impacted by these vulnerabilities.
Protecting our customers is our highest priority. Palo Alto Networks and its Unit 42 threat research team are continuing to closely monitor all developments. You can find regular updates, as well as Palo Alto Networks product protections and interim guidance here: https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| WildFire Cloud | None | All |
| WildFire Appliance (WF-500) | None | All |
| User-ID Agent | None | All |
| SaaS Security | None | All |
| Prisma SD-WAN ION | None | All |
| Prisma SD-WAN (CloudGenix) | None | All |
| Prisma Cloud Compute | None | All |
| Prisma Cloud | None | All |
| Prisma Access | None | All |
| PAN-OS | None | All |
| Palo Alto Networks App for Splunk | None | All |
| Okyo Garde | None | All |
| IoT Security | None | All |
| GlobalProtect App | None | All |
| Expedition Migration Tool | None | All |
| Expanse | None | All |
| Exact Data Matching CLI | None | All |
| Enterprise Data Loss Prevention | None | All |
| Cortex XSOAR | None | All |
| Cortex Xpanse | None | All |
| Cortex XDR Agent | None | All |
| Cortex XDR | None | All |
| Cortex Data Lake | None | All |
| Cloud NGFW | None | All |
| Bridgecrew | None | All |
| AutoFocus | None | All |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.
Solution
No software updates are required at this time.
Workarounds and Mitigations
Palo Alto Networks product protections for MOVEit Transfer vulnerabilities are captured in Unit 42's Threat Brief: https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/. These mitigations reduce the risk of exploitation from known exploits.