9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.97 High
EPSS
Percentile
99.7%
attack.mitre.org/groups/G0091/
attack.mitre.org/software/S0383/
attack.mitre.org/techniques/T1059/003/
attack.mitre.org/versions/v12/matrices/enterprise/
attack.mitre.org/versions/v13/software/S0154/
attack.mitre.org/versions/v13/software/S0381/
attack.mitre.org/versions/v13/software/S0461/
attack.mitre.org/versions/v13/techniques/T1018/
attack.mitre.org/versions/v13/techniques/T1018/
attack.mitre.org/versions/v13/techniques/T1021/002/
attack.mitre.org/versions/v13/techniques/T1041/
attack.mitre.org/versions/v13/techniques/T1055/
attack.mitre.org/versions/v13/techniques/T1055/
attack.mitre.org/versions/v13/techniques/T1059/001/
attack.mitre.org/versions/v13/techniques/T1059/001/
attack.mitre.org/versions/v13/techniques/T1068/
attack.mitre.org/versions/v13/techniques/T1070/
attack.mitre.org/versions/v13/techniques/T1070/
attack.mitre.org/versions/v13/techniques/T1071/
attack.mitre.org/versions/v13/techniques/T1071/
attack.mitre.org/versions/v13/techniques/T1105/
attack.mitre.org/versions/v13/techniques/T1105/
attack.mitre.org/versions/v13/techniques/T1105/
attack.mitre.org/versions/v13/techniques/T1113/
attack.mitre.org/versions/v13/techniques/T1113/
attack.mitre.org/versions/v13/techniques/T1129/
attack.mitre.org/versions/v13/techniques/T1129/
attack.mitre.org/versions/v13/techniques/T1190/
attack.mitre.org/versions/v13/techniques/T1190/
attack.mitre.org/versions/v13/techniques/T1505/003/
attack.mitre.org/versions/v13/techniques/T1505/003/
attack.mitre.org/versions/v13/techniques/T1546/011/
attack.mitre.org/versions/v13/techniques/T1546/011/
attack.mitre.org/versions/v13/techniques/T1563/002/
attack.mitre.org/versions/v13/techniques/T1566/
attack.mitre.org/versions/v13/techniques/T1574/002/
attack.mitre.org/versions/v13/techniques/T1574/002/
community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
github.com/AhmetPayaslioglu/YaraRules/blob/main/MOVEit_Transfer_Critical_Vulnerability.yara
github.com/cisagov/cset/releases/tag/v10.3.0.0
nvd.nist.gov/vuln/detail/CVE-2023-0669
nvd.nist.gov/vuln/detail/CVE-2023-34362
nvd.nist.gov/vuln/detail/CVE-2023-34362
nvd.nist.gov/vuln/detail/CVE-2023-34362
pages.nist.gov/800-63-3/
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=%23StopRansomware%3A%20CL0P%20Ransomware%20Gang%20Exploits%20CVE-2023-34362%20MOVEit%20Vulnerability+https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cyber-hygiene-services
www.cisa.gov/known-exploited-vulnerabilities-catalog
www.cisa.gov/known-exploited-vulnerabilities-catalog
www.cisa.gov/report
www.cisa.gov/stopransomware
www.cisa.gov/stopransomware/ransomware-guide
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a&title=%23StopRansomware%3A%20CL0P%20Ransomware%20Gang%20Exploits%20CVE-2023-34362%20MOVEit%20Vulnerability
www.fbi.gov/contact-us/field-offices
www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response
www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response
www.ic3.gov/
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
www.mandiant.com/resources/blog/zero-day-moveit-data-theft
www.mandiant.com/resources/blog/zero-day-moveit-data-theft
www.mandiant.com/resources/blog/zero-day-moveit-data-theft
www.oig.dhs.gov/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=%23StopRansomware%3A%20CL0P%20Ransomware%20Gang%20Exploits%20CVE-2023-34362%20MOVEit%20Vulnerability&body=www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.97 High
EPSS
Percentile
99.7%