PAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708)
Informational
Description
The Palo Alto Networks Product Security Assurance team has evaluated the recently disclosed critical Structured Query Language injection (SQLi) vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) in the MOVEit Transfer product. Palo Alto Networks does not use MOVEit Transfer and is not impacted by these vulnerabilities.
Protecting our customers is our highest priority. Palo Alto Networks and its Unit 42 threat research team are continuing to closely monitor all developments. You can find regular updates, as well as Palo Alto Networks product protections and interim guidance here: https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| AutoFocus | None | All |
| Bridgecrew | None | All |
| Cloud NGFW | None | All |
| Cortex Data Lake | None | All |
| Cortex XDR | None | All |
| Cortex XDR Agent | None | All |
| Cortex Xpanse | None | All |
| Cortex XSOAR | None | All |
| Enterprise Data Loss Prevention | None | All |
| Exact Data Matching CLI | None | All |
| Expanse | None | All |
| Expedition Migration Tool | None | All |
| GlobalProtect App | None | All |
| IoT Security | None | All |
| Okyo Garde | None | All |
| Palo Alto Networks App for Splunk | None | All |
| PAN-OS | None | All |
| Prisma Access | None | All |
| Prisma Cloud | None | All |
| Prisma Cloud Compute | None | All |
| Prisma SD-WAN (CloudGenix) | None | All |
| Prisma SD-WAN ION | None | All |
| SaaS Security | None | All |
| User-ID Agent | None | All |
| WildFire Appliance (WF-500) | None | All |
| WildFire Cloud | None | All |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.
Solution
No software updates are required at this time.
Workarounds and Mitigations
Palo Alto Networks product protections for MOVEit Transfer vulnerabilities are captured in Unit 42's Threat Brief: https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/. These mitigations reduce the risk of exploitation from known exploits.