PAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036)
Informational
The Palo Alto Networks Product Security Assurance team has evaluated the recently disclosed critical Structured Query Language injection (SQLi) vulnerabilities (CVE-2023-34362, CVE-2023-35036) in the MOVEit Transfer product. Palo Alto Networks does not use MOVEit Transfer and is not impacted by these vulnerabilities.
Protecting our customers is our highest priority. Palo Alto Networks and its Unit 42 threat research team are continuing to closely monitor all developments. You can find regular updates, as well as Palo Alto Networks product protections and interim guidance here: https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/
Versions | Affected | Unaffected |
---|---|---|
AutoFocus | None | all |
Bridgecrew | None | all |
Cloud NGFW | None | all |
Cortex Data Lake | None | all |
Cortex XDR | None | all |
Cortex XDR Agent | None | all |
Cortex Xpanse | None | all |
Cortex XSOAR | None | all |
Enterprise Data Loss Prevention | None | all |
Exact Data Matching CLI | None | all |
Expanse | None | all |
Expedition Migration Tool | None | all |
GlobalProtect App | None | all |
IoT Security | None | all |
Okyo Garde | None | all |
Palo Alto Networks App for Splunk | None | all |
PAN-OS | None | all |
Prisma Access | None | all |
Prisma Cloud | None | all |
Prisma Cloud Compute | None | all |
Prisma SD-WAN (CloudGenix) | None | all |
Prisma SD-WAN ION | None | all |
SaaS Security | None | all |
User-ID Agent | None | all |
WildFire Appliance (WF-500) | None | all |
WildFire Cloud | None | all |
Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.
No software updates are required at this time.
Customers with a Threat Prevention subscription can block known attacks for CVE-2023-34362 by enabling Threat IDs 93976 and 93977 (Applications and Threats content update 8720). These mitigations reduce the risk of exploitation from known exploits.