CISA tags Microsoft SharePoint RCE bug as actively exploited
2024-03-27 16:24

CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks.

These two SharePoint Server security vulnerabilities can be chained by unauthenticated attackers to gain RCE on unpatched servers, as STAR Labs researcher Nguyễn Tiến Giang demonstrated at the March 2023 Pwn2Own contest in Vancouver.

Although the published PoC exploit did not allow attackers to gain remote code execution on targeted systems, threat actors could still modify it to add CVE-2023-24955 exploitation and complete the chain for RCE attacks.

While CISA didn't share any details regarding attacks exploiting the two SharePoint vulnerabilities, the cybersecurity agency did say it has no evidence they were used in ransomware attacks.

News URL

https://www.bleepingcomputer.com/news/security/cisa-tags-microsoft-sharepoint-rce-bug-as-actively-exploited/

Related Vulnerability

Date: 2023-05-09
CVE: CVE-2023-24955
Vulnerability title: Code Injection vulnerability in Microsoft SharePoint Enterprise Server and SharePoint Server (Microsoft SharePoint Server Remote Code Execution Vulnerability)
Attack vector: network, low complexity
Vendor / weakness: Microsoft, CWE-94
Risk score: 7.2

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 701 775 4527 4650 3617 13569