A patched privilege escalation vulnerability impacting Microsoft SharePoint servers has been added to the identified exploited vulnerabilities (KEV) catalog of the US Cybersecurity and Infrastructure Safety Company (CISA).
Citing proof of lively exploitation, CISA has tagged the essential severity bug Microsoft beforehand launched fixes for as a part of its June 2023 Patch Tuesday updates.
Tracked as CVE-2023-29357, the vulnerability (CVSS 9.8) permits an unauthenticated attacker, who has gained entry to spoofed JSON Net Token (JWT) authentication tokens, to make use of them for executing a community assault, in accordance with the KEV entry.
“This assault bypasses authentication, enabling the attacker to realize administrator privileges,” stated CISA within the entry. “Apply mitigations per vendor directions or discontinue use of the product if mitigations are unavailable.”
Doable exploits embrace pre-authentication RCE
Whereas specifics of the real-world exploitations of CVE-2023-29357 stay unknown, a StarLabs safety researcher, Nguyễn Tiến Giang, efficiently demonstrated a 2-bug chain exploitation of it at a pc hacking contest, PWN2OWN held in March 2023.
The competition exploit had mixed two vulnerabilities to attain pre-auth distant code execution (RCE) on the SharePoint server. Whereas the primary vulnerability (CVE-2023-29357) allowed bypassing authentication on SharePoint OAuth authentication by benefiting from a flawed signature validation algorithm for JWT tokens, a second code injection vulnerability (CVE-2023-24955) allowed inserting arbitrary code with already obtained SharePoint proprietor permissions.
