By NewsBlogger CISA warns of vulnerabilities in Microsoft SharePoint that could allow attackers to remotely execute code and gain admin privileges, urging organizations to patch the flaws to prevent potential security breaches.
At a glance
- CISA warns of threats exploiting vulnerabilities in Microsoft SharePoint
- CVE-2023-24955 allows authenticated attackers to execute code remotely
- CVE-2023-29357 enables remote attackers to gain admin privileges
- Combining vulnerabilities can lead to Remote Code Execution (RCE)
- CISA takes proactive measures, adding CVE-2023-29357 to the Known Exploited Vulnerabilities Catalog
The details
The Cybersecurity and Infrastructure Security Agency (CISA) has warned about potential threats exploiting vulnerabilities in Microsoft SharePoint.
One vulnerability, identified as CVE-2023-24955, allows authenticated attackers with Site Owner privileges to execute code remotely.
Another flaw, CVE-2023-29357, enables remote attackers to gain admin privileges on susceptible SharePoint servers.
Combining Vulnerabilities
Unauthenticated attackers can combine these vulnerabilities to achieve Remote Code Execution (RCE) on unpatched servers.
A proof-of-concept exploit for CVE-2023-29357 has been publicly released on GitHub, and threat actors could potentially alter the exploit to complete the chain for RCE attacks.
Multiple Proof of Concept (PoC) exploits targeting this vulnerability chain have emerged online.
Proactive Measures
CISA has taken proactive measures in response to the threat, adding CVE-2023-29357 to its Known Exploited Vulnerabilities Catalog.
Federal agencies have been mandated to address the vulnerability by January 31, emphasizing the importance of securing SharePoint servers before April 16. Furthermore, CVE-2023-24955 has been identified as an actively exploited security flaw by CISA.
Although there is currently no evidence of these vulnerabilities being leveraged in ransomware attacks, CISA has underscored the significant risks posed to the federal enterprise.
Private organizations are strongly advised to prioritize patching this exploit chain to mitigate potential security breaches and block malicious attacks.
Article X-ray
Sources
Here are all the sources used to create this article:
Facts attribution
This section links each of the article’s facts back to its original source.
If you suspect false information in the article, you can use this section to investigate where it came from.
| bleepingcomputer.com |
|---|
| – CISA warns of attackers exploiting a Microsoft SharePoint code injection vulnerability – The vulnerability (CVE-2023-24955) allows authenticated attackers with Site Owner privileges to execute code remotely – A second flaw (CVE-2023-29357) enables remote attackers to gain admin privileges on vulnerable SharePoint servers – These vulnerabilities can be chained by unauthenticated attackers for RCE on unpatched servers – A proof-of-concept exploit for CVE-2023-29357 was released on GitHub – Threat actors could modify the exploit to complete the chain for RCE attacks – Multiple PoC exploits targeting this chain have surfaced online – CISA added CVE-2023-29357 to its Known Exploited Vulnerabilities Catalog – Federal agencies were ordered to patch the vulnerability by January 31 – CVE-2023-24955 was also added to the list of actively exploited security flaws by CISA – Federal agencies must secure their Sharepoint servers by April 16 – CISA has no evidence of the vulnerabilities being used in ransomware attacks – CISA stated that these vulnerabilities pose significant risks to the federal enterprise – Private organizations are advised to prioritize patching this exploit chain to block attacks. |
