The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain administrator privileges. Microsoft released patches for the bug as part of its June 2023 Patch Tuesday updates.
“An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user,” Redmond said. “The attacker needs no privileges nor does the user need to perform any action.”
Security researcher Nguyễn Tiến Giang (Jang) of StarLabs SG demonstrated an exploit for the flaw at the Pwn2Own Vancouver hacking contest last year, earning a $100,000 prize.
The pre-authenticated remote code execution chain combines authentication bypass (CVE-2023-29357) with a code injection bug (CVE-2023-24955, CVSS score: 7.2), the latter of which was patched by Microsoft in May 2023.
“The process of discovering and crafting the exploit chain consumed nearly a year of meticulous effort and research to complete the full exploit chain,” Tiến Giang noted in a technical report published in September 2023.
Additional specifics of the real-world exploitation of CVE-2023-29357 and the identity of the threat actors that may be abusing them are presently unknown. That said, federal agencies are recommended to apply the patches by January 31, 2024, to secure against the active threat.