CISA warns of Microsoft SharePoint vulnerability actively exploited
Take action: If you are using Microsoft Sharepoint, make sure it's isolated from the internet and then patch. If it needs to be exposed to the internet, patch ASAP.
Learn More
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited vulnerability in Microsoft SharePoint.
The flaw is a code injection tracked as CVE-2023-24955 (CVSS score 7.2) and allows authenticated attackers with Site Owner privileges to perform remote code execution (RCE) on vulnerable SharePoint servers. A related critical privilege escalation flaw, CVE-2023-29357 (CVSS score 9.8) has been discovered that enables remote attackers to gain administrative privileges via spoofed JWT authentication tokens.
These vulnerabilities can be exploited in tandem to achieve RCE on unpatched SharePoint servers without requiring authentication,.
Proof-of-concept (PoC) exploits for CVE-2023-29357 have ben publicly released, increasing the ease with which attackers can exploit these vulnerabilities.
While CISA has not provided specific details on the attacks exploiting these SharePoint vulnerabilities. However, given the potential for these vulnerabilities to be leveraged in sophisticated cyber-attacks, including ransomware, organizations are advised to apply Microsoft’s mitigations.
