CVE-2023-33134: Microsoft SharePoint Server Remote Code Execution Vulnerability

Overview

  • Severity: High (CVSS 8.8)
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
  • Category: Remote Code Execution
  • Exploit Status: Not Exploited
  • Exploitation Likelihood: More Likely
  • Patch Tuesday: 2023-Jul
  • Released: 2023-07-11
  • EPSS Score: 0.54% (percentile: 67.6%)

FAQ

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Within a SharePoint site, the attacker must be authenticated, and they would need to have the “Use Remote Interfaces” and “Add and Customize Pages” permissions on a Policy Center site to be able to exploit this vulnerability.

What is the attack vector for this vulnerability?

In a network-based attack, the attacker must be authenticated to a SharePoint Online tenant associated with a hybrid deployment to tamper with data. This tampered data is synchronized down to the on-premises server and exploits the vulnerability. The attacker's code will run in the context of the SharePoint timer service on the on-premises server.

Affected Products (3)

Microsoft Office

  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition

Security Updates (3)

Acknowledgments

  • zcgonvh (https://github.com/zcgonvh)

Revision History

  • 2023-07-11: Information published.