CISA Adds 9.8 ‘Critical’ Microsoft SharePoint Bug to its KEV Catalog

January 12, 2024 at 05:43PM

The Cybersecurity and Infrastructure Security Agency (CISA) added a critical privilege escalation vulnerability, CVE-2023-29357, affecting Microsoft SharePoint servers to its list of Known Exploited Vulnerabilities (KEV). This vulnerability, rated 9.8 out of 10, allows attackers to bypass authentication and gain administrative access. Despite a June patch, active exploitation continues, as reported by CISA.

The key takeaways are:

1. CISA added a privilege escalation vulnerability, CVE-2023-29357, affecting Microsoft SharePoint servers to its list of Known Exploited Vulnerabilities (KEV).
2. The vulnerability is rated a “critical” 9.8 out of 10 on the CVSS scale and allows attackers to bypass authentication checks and gain administrative access to a server using spoofed JSON Web Token (JWT) authentication tokens.
3. The vulnerability affects SharePoint Server 2016 and 2019 and is still being actively exploited despite Microsoft issuing a patch in June.
4. Researchers demonstrated the utility of CVE-2023-29357 at the Pwn2Own event in March 2023, and an independent researcher developed a proof-of-concept (PoC) exploit in September.
5. Security researcher Kevin Beaumont mentioned in a Mastodon post that one ransomware group has a working exploit for this vulnerability.