Elevation of Privilege Vulnerability Affects SharePoint Server
CVE-2023-29357
Key Information:
- Vendor: Microsoft
- CVE Published: 14 June 2023
What is CVE-2023-29357?
CVE-2023-29357 is a vulnerability affecting Microsoft SharePoint Server, a widely used platform designed for collaboration, document management, and storage. This particular vulnerability allows an attacker to elevate their privileges, which could enable unauthorized access to sensitive data and critical functionalities within the SharePoint environment. The potential negative implications for an organization include data exposure, unauthorized actions taken within the system, and significant disruption to business operations.
Technical Details
The vulnerability results from improper handling of requests by SharePoint Server, which can be exploited by an authenticated user to gain elevated permissions. When exploited, an attacker may manipulate the application to perform actions on behalf of a user with higher privileges, thereby bypassing user authorization and security controls. This elevation of privilege can lead to unauthorized access to restricted data and functionalities, posing serious security risks to organizations relying on SharePoint for their operations.
Potential Impact of CVE-2023-29357
- Unauthorized Data Access: Attackers exploiting this vulnerability could access confidential information stored within SharePoint, leading to potential data breaches and loss of sensitive business information.
- Compromised System Integrity: The elevation of privileges may allow malicious users to modify, delete, or add content within SharePoint, which could disrupt normal operations, compromise project integrity, and impact collaboration.
- Increased Risk of Ransomware Deployments: Given that the vulnerability has been confirmed as exploited in the wild, threat actors, including ransomware groups, might leverage this flaw to gain footholds in corporate networks, leading to more extensive attacks and potential financial losses.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited; it is known by CISA to enable ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
- Microsoft SharePoint Server 2019 (x64-based Systems): 16.0.0 < 16.0.10399.20005
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Last Week in Security (LWiS) - 2023-10-03
Nighthawk update (@MDSecLabs), Teams external splash bypass, MSI LPEs, and Zip+LNKs (@pfiatde), SCCM takeover (@_Mayyhem), .NET obfuscation (@eversinc33), JonMon (@jsecurity101), and more!
6 months ago
CISA tags Microsoft SharePoint RCE bug as actively exploited
CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks.
9 months ago
CISA: Critical SharePoint bug actively exploited
The flaw, which Microsoft has patched, could enable a remote code execution attack when paired with another known vulnerability.
1 year ago
EPSS Score
29% chance of being exploited in the next 30 days.
Timeline
- 📈 Vulnerability started trending
- 💰 Used in Ransomware
- 🦅 CISA Reported
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by SC Magazine
- Vulnerability published
- Vulnerability Reserved