Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2024-38094
7.2HIGH

Key Information

Vendor
Microsoft
Status
Microsoft Sharepoint Enterprise Server 2016
Microsoft Sharepoint Server 2019
Microsoft Sharepoint Server Subscription Edition
Vendor
CVE Published:
9 July 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

This vulnerability (CVE-2024-38094) is a Microsoft SharePoint Remote Code Execution Vulnerability that is being actively exploited. The bug allows an attacker to inject code into vulnerable versions of SharePoint, potentially allowing them to execute arbitrary code in the context of the SharePoint server. The US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities Catalog and recommended prompt patching. Microsoft patched the vulnerability in July, and while it was not initially listed as exploited, exploitation was considered likely. With at least one proof-of-concept (POC) exploit available, the risk of malicious exploitation is high. All Federal Civilian Executive Branch agencies are mandated to apply the Microsoft fix, and organizations are strongly urged to prioritize timely remediation. Additionally, Microsoft addressed two other critical SharePoint Server flaws in its September Patch Tuesday event, further emphasizing the importance of patching to reduce exposure to potential cyberattacks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-38094 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 < 16.0.5456.1000

Microsoft SharePoint Server 2019 < 16.0.10412.20001

Microsoft SharePoint Server Subscription Edition < 16.0.17328.20424

News Articles

favicon imageCSO Online

A new SharePoint vulnerability is already being exploited

Microsoft SharePoint makes it simpler for enterprises to help employees discover documents on their internal network — but a recently exploited vulnerability is making easier for attackers to get inside the corporate network too.

3 weeks ago

favicon imageBleepingComputer

Microsoft SharePoint RCE bug exploited to breach corporate network

A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks.

3 weeks ago

favicon imageeSecurity Planet

Vulnerability Recap 10/28/24: Cisco, Fortinet, VMware

This week’s security vulnerabilities include a couple of Cisco flaws and a Fortinet issue that took a while to be announced.

3 weeks ago

EPSS Score

4% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • First article discovered by SecurityWeek

  • 👾

    Exploit exists.

  • Vulnerability published.

Collectors

NVD DatabaseMitre DatabaseCISA DatabaseMicrosoft Feed8 News Article(s)
.