CVE-2023-24955: Microsoft SharePoint Server Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 7.2)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2023-May

Released

2023-05-09

EPSS Score

91.62% (percentile: 99.7%)

CISA KEV

Listed — due 2024-04-16

FAQ

How could an attacker exploit the vulnerability? In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server.

Known Exploits (1)

• Microsoft SharePoint Server Code Injection Vulnerability — added 2023-12-28T09:08:47Z

Detection & Weaponization (2 sources)

Maturity: Exploit

• Metasploit modules: Sharepoint Dynamic Proxy Generator Unauth RCE
• GitHub PoC: 1 repositories

Affected Products (3)

Microsoft Office

• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition

Security Updates (3)

• 5002397
• 5002389
• 5002390

Acknowledgments

<a href="https://twitter.com/testanull">Jang (Nguyễn Tiến Giang) of StarLabs SG</a> working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>

Revision History

• 2023-05-09: Information published.