Microsoft SharePoint Server Vulnerabilities Chained to Achieve Remote Code Execution

by Esmeralda McKenzie

Two vulnerabilities were reported in Microsoft SharePoint Server, CVE-2023-29357 and CVE-2023-24955, which threat actors can use to achieve remote code execution (RCE) against Microsoft SharePoint Server.

These vulnerabilities were discovered as part of the Zero Day Initiative's Pwn2Own contest conducted in March 2023. The STAR Labs team found this vulnerability and was rewarded $100,000 for their finding.

In addition, security researcher Nguyễn Tiến Giang published a GitHub repository containing the proof-of-concept (PoC) for the exploit chain, which can chain these two vulnerabilities to achieve successful remote code execution.


CVE-2023-29357 & CVE-2023-24955 – Technical Analysis

CVE-2023-29357 was a privilege escalation vulnerability in Microsoft SharePoint Server, which threat actors can exploit by sending a spoofed JWT (JSON Web Token) authentication token to the server, which could elevate their privileges. This vulnerability had a severity of 9.8 (Critical).

CVE-2023-24955 was a remote code execution vulnerability affecting the same Microsoft SharePoint Server and had a severity of 7.2 (High). Microsoft patched both of these vulnerabilities as part of their May and June security patches.

Exploit Chain

After conducting a lot of research for over a year, security researcher Jang combined the authentication bypass vulnerability with the code injection vulnerability, which resulted in an unauthenticated RCE on the Microsoft SharePoint Server. A proof-of-concept video was also published, which demonstrated the attack and exploitation.

Additionally, it is worth noting that the security researchers made sure that the publicly available proof-of-concept doesn't achieve unauthenticated RCE, as threat actors can carry out various malicious activities with a publicly available exploit.

Users of Microsoft SharePoint Server are advised to patch these vulnerabilities by applying the Microsoft security patches, which are released on the second Tuesday of every month.

Source credit : cybersecuritynews.com
