CISA adds CVE-2023-24955 after CVE-2023-29357 to its Known Exploited Vulnerability Catalog
The vulerabilities pertain to Microsoft Sharepoint
2 min. read
Published on
Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more
From time to time, we find out about vulnerabilities in programs. But unless they are critical or directly affect us, there’s little to worry about. This time around, it does!
CISA has added two Microsoft SharePoint vulnerabilities to its Known Exploited Vulnerability Catalog, CVE-2023-24955, on March 26, 2024, and CVE-2023-29357, on January 10, 2024. And both have been marked Critical.
All about the two vulnerabilities
CISA describes CVE-2023-24955, titled Microsoft SharePoint Server Code Injection Vulnerability, as,
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
It recommends that you either apply the available fix or stop using Microsoft Sharepoint until the vulnerability is patched.
As for CVE-2023-29357 titled, Microsoft SharePoint Server Privilege Escalation Vulnerability, CISA describes it as,
Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.
As was the case previously, you are recommended not to use the product in the absence of a fix.
Star Labs researchers tried exploiting the vulnerabilities and demonstrated it in a post on X (formerly Twitter).
Star Labs also shared a document describing the process in detail.
Soon, several Proof-of-Chain (PoC) exploits were developed and deployed by threat actors. The newer ones were relatively simple, allowing anyone to launch attacks.
After CISA added CVE-2023-29357 to the list, all US Federal Agencies were supposed to patch it by the end of the month, i.e., Jan 31. Similarly, for CVE-2023-24955, the US Federal Agencies have until April 16 to deploy a patch and secure the server.
You will find a dedicated page for CVE-2023-29357 and CVE-2023-24955 on the Microsoft Security Response Center detailing the work done by the developers.
In the past, Microsoft has addressed CVEs and continues to do so as more and more are reported by users!
Are you concerned about the Microsoft SharePoint vulnerabilities? Share with our readers in the comments section.