January 11, 2024 at 09:21AM
CISA warns that a Microsoft SharePoint Server vulnerability (CVE-2023-29357) allowing unauthenticated attackers to gain admin privileges is being actively exploited. The exploit involves sending a spoofed JWT authentication token; no user interaction is needed. CISA has added CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch within 21 days under BOD 22-01. All organizations are advised to review the KEV catalog and apply patches promptly.
The key takeaways are as follows:
1. The US cybersecurity agency, CISA, has issued a warning regarding threat actors exploiting a critical Microsoft SharePoint Server vulnerability (CVE-2023-29357) with a CVSS score of 9.8, allowing unauthenticated attackers to gain administrator privileges.
2. This vulnerability was identified by Nguyễn Tiến Giang (Jang) of StarLabs SG and has been actively exploited by threat actors targeting SharePoint servers.
3. CISA has added CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to identify vulnerable instances and apply patches within 21 days as per the Binding Operational Directive (BOD) 22-01.
4. While BOD 22-01 only applies to federal agencies, CISA advises all organizations to review the KEV catalog entries and apply patches promptly or discontinue vulnerable products.
5. Microsoft has yet to update its advisory to confirm the active exploitation, but the vulnerability is classified as ‘exploitation more likely’.
6. CISA emphasizes the urgency of applying patches or discontinuing vulnerable products based on the KEV catalog.
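Takeaways 3 and 4 describe the practical work behind a KEV addition: pull the catalog, find the assets that still carry a listed CVE, and track the remediation due date. The following is an added example (not code from the article or from CISA) of that reconciliation. It assumes the field names of CISA's public KEV JSON feed (`cveID`, `vendorProject`, `product`, `dateAdded`, `requiredAction`, `dueDate` inside a top-level `vulnerabilities` array); the feed excerpt, its dates and the host inventory below are constructed for illustration, and the second CVE identifier is a placeholder rather than a real entry.

```python
"""Reconcile an asset inventory against CISA KEV catalog records.

Added example; not the article's or CISA's own code. Field names follow the
public KEV JSON feed (assumption); all records and hosts here are constructed.
"""
from __future__ import annotations

from datetime import date, timedelta

# Constructed excerpt in the shape of the KEV feed. Dates are placeholders
# chosen to match the 21-day BOD 22-01 window described in the article.
SAMPLE_KEV_FEED = {
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "vulnerabilities": [
        {
            "cveID": "CVE-2023-29357",
            "vendorProject": "Microsoft",
            "product": "SharePoint Server",
            "dateAdded": "2024-01-10",
            "requiredAction": "Apply mitigations per vendor instructions or "
                              "discontinue use of the product if mitigations "
                              "are unavailable.",
            "dueDate": "2024-01-31",
        },
        {
            # Placeholder entry, not a real CVE; used to show an overdue item.
            "cveID": "CVE-0000-00000",
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "dateAdded": "2023-12-01",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2023-12-22",
        },
    ],
}

# Constructed inventory: host -> CVE IDs a vulnerability scanner still reports open.
SAMPLE_INVENTORY = {
    "sp-web-01.corp.example": {"CVE-2023-29357"},
    "sp-web-02.corp.example": set(),              # already patched
    "file-01.corp.example": {"CVE-0000-00000"},
}


def kev_index(feed: dict) -> dict[str, dict]:
    """Index KEV records by CVE ID for O(1) lookups."""
    return {rec["cveID"]: rec for rec in feed["vulnerabilities"]}


def bod_due_date(date_added: date, window_days: int = 21) -> date:
    """Due date implied by BOD 22-01 for a newly added entry (21 days)."""
    return date_added + timedelta(days=window_days)


def find_kev_exposure(inventory: dict[str, set[str]], feed: dict,
                      today: date) -> list[dict]:
    """Return one finding per (host, open CVE) pair that appears in the KEV catalog.

    Each finding carries the catalog's required action, the due date and the
    number of days left (negative once the deadline has passed).
    """
    index = kev_index(feed)
    findings = []
    for host in sorted(inventory):
        for cve in sorted(inventory[host]):
            rec = index.get(cve)
            if rec is None:
                continue  # open CVE, but not (yet) in KEV: out of scope here
            due = date.fromisoformat(rec["dueDate"])
            findings.append({
                "host": host,
                "cveID": cve,
                "product": f'{rec["vendorProject"]} {rec["product"]}',
                "dueDate": due.isoformat(),
                "days_remaining": (due - today).days,
                "overdue": today > due,
                "requiredAction": rec["requiredAction"],
            })
    return findings


if __name__ == "__main__":
    for f in find_kev_exposure(SAMPLE_INVENTORY, SAMPLE_KEV_FEED, date(2024, 1, 20)):
        state = "OVERDUE" if f["overdue"] else f'{f["days_remaining"]} days left'
        print(f'{f["host"]}: {f["cveID"]} ({f["product"]}) due {f["dueDate"]} - {state}')
```

In practice the `SAMPLE_KEV_FEED` dictionary would be replaced by the parsed JSON of the live catalog and the inventory by scanner or CMDB output; the lookup and due-date logic stay the same. Hosts with open CVEs that are not in the catalog are deliberately skipped here, since the point of the exercise is to surface the subset CISA has flagged as exploited.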