CISA adds CVE-2023-24955 after CVE-2023-29357 to its Known Exploited Vulnerability Catalog

The vulerabilities pertain to Microsoft Sharepoint

News

Reading time icon 2 min. read

Calendar icon Published on

by Kazim Ali Alvi 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

microsoft sharepoint vulnerability

From time to time, we find out about vulnerabilities in programs. But unless they are critical or directly affect us, there’s little to worry about. This time around, it does!

CISA has added two Microsoft SharePoint vulnerabilities to its Known Exploited Vulnerability Catalog, CVE-2023-24955, on March 26, 2024, and CVE-2023-29357, on January 10, 2024. And both have been marked Critical.

All about the two vulnerabilities

CISA describes CVE-2023-24955, titled Microsoft SharePoint Server Code Injection Vulnerability, as,

Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.

It recommends that you either apply the available fix or stop using Microsoft Sharepoint until the vulnerability is patched.

As for CVE-2023-29357 titled, Microsoft SharePoint Server Privilege Escalation Vulnerability, CISA describes it as,

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

As was the case previously, you are recommended not to use the product in the absence of a fix.

Star Labs researchers tried exploiting the vulnerabilities and demonstrated it in a post on X (formerly Twitter).

Star Labs also shared a document describing the process in detail.

Soon, several Proof-of-Chain (PoC) exploits were developed and deployed by threat actors. The newer ones were relatively simple, allowing anyone to launch attacks.

After CISA added CVE-2023-29357 to the list, all US Federal Agencies were supposed to patch it by the end of the month, i.e., Jan 31. Similarly, for CVE-2023-24955, the US Federal Agencies have until April 16 to deploy a patch and secure the server.

You will find a dedicated page for CVE-2023-29357 and CVE-2023-24955 on the Microsoft Security Response Center detailing the work done by the developers.

In the past, Microsoft has addressed CVEs and continues to do so as more and more are reported by users!

Are you concerned about the Microsoft SharePoint vulnerabilities? Share with our readers in the comments section.

More about the topics: Sharepoint issues

Kazim Ali Alvi

Kazim Ali Alvi Shield

Windows Hardware Expert

Kazim has always been fond of technology, be it scrolling through the settings on his iPhone, Android device, or Windows PC. He's specialized in hardware devices, always ready to remove a screw or two to find out the real cause of a problem. Long-time Windows user, Kazim is ready to provide a solution for your every software & hardware error on Windows 11, Windows 10 and any previous iteration. He's also one of our experts in Networking & Security.